WO2012037420A2 - Secure and efficient content screening in a networked environment - Google Patents

Secure and efficient content screening in a networked environment Download PDF

Info

Publication number
WO2012037420A2
WO2012037420A2 PCT/US2011/051855 US2011051855W WO2012037420A2 WO 2012037420 A2 WO2012037420 A2 WO 2012037420A2 US 2011051855 W US2011051855 W US 2011051855W WO 2012037420 A2 WO2012037420 A2 WO 2012037420A2
Authority
WO
WIPO (PCT)
Prior art keywords
content
trusted
watermark extraction
devices
extraction
Prior art date
Application number
PCT/US2011/051855
Other languages
French (fr)
Other versions
WO2012037420A3 (en
Inventor
Joseph M. Winograd
Rade Petrovic
Jian Zhao
Original Assignee
Verance Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Verance Corporation filed Critical Verance Corporation
Priority to KR1020137009718A priority Critical patent/KR101594230B1/en
Priority to EP11825990.2A priority patent/EP2616984A4/en
Priority to CN201180051678.7A priority patent/CN103189872B/en
Publication of WO2012037420A2 publication Critical patent/WO2012037420A2/en
Publication of WO2012037420A3 publication Critical patent/WO2012037420A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • G06F21/1078Logging; Metering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1063Personalisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129Authenticate client device independently of the user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/608Watermarking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/103Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for protecting copy right
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies

Definitions

  • the present invention generally relates to the field of content management. More particularly, the disclosed embodiments relate to efficient and secure extraction of watermarks from media content to enable content management.
  • auxiliary information signal is hidden within a host content in such a way that it is substantially imperceptible, and at the same time, difficult to remove without damaging the host content.
  • the auxiliary information that is hidden within the host content can then allow content management to be carried out to varying degrees.
  • content management includes, but is not limited to, the management of the use of content in accordance with one or more policies.
  • the auxiliary information may merely convey that the host content is not allowed to be copied (i.e., a "no copy allowed" watermark).
  • a compliant device can include, but is not limited to, a device that performs screening, or otherwise operates in a manner consistent with a content use policy.
  • Content use (or the uses of content) can include, but is not limited to, operations involving content such as playback, copy, record, transfer, stream, or other operations.
  • the embedded auxiliary information can identify the rightful owner(s), author(s) and/or author(s) of the content or can provide a serial number associated with the content or other content identifying information.
  • the auxiliary information can also be used for other applications, such as to monitor the usage of the embedded host content, resolve ownership disputes, and keep track of royalties and the like.
  • transformation operations such as decryption, decompression, de-multiplexing, etc., that are must be performed before watermark extraction can be attempted.
  • the disclosed embodiments improve the efficiency of watermark extraction and the associated processing by reducing the overall resource engagement, utilizing spare resources whenever possible, and distributing resource engagement in time to achieve low peak requirements and optimize cost-performance tradeoff. These and other features of the disclosed embodiments are effected while maintaining appropriate levels of security associated with the usage of watermarks.
  • the disclosed embodiments further enhance the capabilities of connected (e.g., networked) devices to effect watermark extraction, content screening and content management through cooperative efforts.
  • Watermark extraction and content screening operations which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices.
  • Secure and efficient content watermark extraction and content screening operations can be carried out by exchanging certificates between the various devices in a network. The exchanged certificates can further enable the exchange of device capabilities, thereby facilitating the allocation of operational configuration to conduct watermark extraction and content screening operations.
  • One aspect of the disclosed embodiments relates to a method that includes receiving a request for access to a content at a first device from a second device, where the first device operates in a network. This method further comprises performing device authentication to ascertain a trusted status associated with one or both of the first and second devices, and determining an operational configuration for performing watermark extraction and/or screening operations using of one or more trusted devices.
  • the second device is a trusted content client device, and the second device is configured to perform the watermark extraction and screening operations.
  • the second device is also a trusted content client device.
  • a trusted slave device is configured to perform the watermark extraction operation and provide information associated with the extraction information to the second device.
  • the second device is configured to perform the screening operation.
  • a trusted delegated device is configured to perform the watermark extraction and screening operations.
  • the first device is a trusted content server, and the first device is configured to perform the watermark extraction and screening operations.
  • the first device is similarly a trusted content server.
  • a trusted slave device is configured to perform the watermark extraction operation and provide information associated with the extraction information to the first device. Further, the first device is configured to perform the screening operation.
  • a trusted delegated device is configured to perform the watermark extraction and screening operations.
  • the first device is a trusted content server and the second device is a trusted content client device. According to this embodiment, the first device is configured to perform the watermark extraction operation and the second device is configured to perform the screening operation.
  • the second device is configured to perform the watermark extraction operation. In this embodiment, the first device is configured to perform the screening operation.
  • the network in the above described method is a home network.
  • a home network can be a digital living network alliance (DLNA) network.
  • DLNA digital living network alliance
  • the second device also operates in the network, in another embodiment, the second device operates outside of the network.
  • the first device is a non-compliant device and the second device is a compliant device.
  • the first device is a compliant device but the second device is a non-compliant device.
  • both the first and the second devices are non-compliant devices.
  • a device that includes a processor and a memory, including processor executable code.
  • the processor executable code when executed by the processor configures the device to receive a request for access to a content at a first device from a second device, where the first device operates in a network.
  • the processor executable code when executed by the processor also configures the device to perform device authentication to ascertain a trusted status associated with one or both of the first and the second devices.
  • the processor executable code when executed by the processor further configures the device to determine an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
  • the computer program product comprises program code for receiving a request for access to a content at a first device from a second device, the first device operating in a network.
  • the computer program product also includes program code for performing device authentication to ascertain a trusted status associated with one or both of the first and the second devices.
  • the computer program product further includes program code for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
  • Another aspect of the disclosed embodiments relates to a device that comprises means for receiving a request for access to a content at a first device from a second device, the first device operating in a network and means for performing device authentication to ascertain a trusted status associated with one or both of the first and the second devices.
  • a device further includes means for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
  • Another aspect of the disclosed embodiments relates to a method that comprises receiving a request for access to a content at a gateway device configured to coordinate operations of a plurality of devices within a network. Such a request is received from a second device for access to the content that is accessible to the first device, where the first device is configured to operate within the network. Such a method further includes coordinating, at the gateway device, device authentication to ascertain a trusted status associated with one or both of the first and second devices, and determining, at the gateway device, an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
  • the second device is a device that is configured to operate within the network, while in another embodiment, with the second device is a device that is configured to operate outside of the network.
  • the gateway device is configured to communicate with the one or more trusted devices to commence the watermark extraction and/or screening operations.
  • the gateway device is configured to revoke a trusted status of a device within the network.
  • the gateway device is configured to retain usage rules associated with embedded watermarks.
  • the gateway device is also configured to communicate the usage rules to various trusted devices.
  • a gateway device that comprises a processor, and a memory, comprising processor executable code.
  • the processor executable code when executed by the processor configures the gateway device to receive a request for access to a content at the gateway device that is configured to coordinate operations of a plurality of devices within a network. The request is received from a second device for access to the content that is accessible to the first device, where the first device is configured to operate within the network.
  • the processor executable code when executed by the processor further configures the gateway device to coordinate device authentication to ascertain a trusted status associated with one or both of the first and second devices.
  • the processor executable code when executed by the processor also configures the gateway device to determine an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
  • the computer program product also comprises computer code for coordinating device authentication to ascertain a trusted status associated with one or both of the first and second devices, and computer code for determining an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
  • Another aspect of the disclosed embodiments relates to a device that comprises means for transmitting a request for access to a content from a second device to a first device, the first device operating in a network.
  • This device also includes means for performing device authentication to ascertain a trusted status associated with the first device, and means for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
  • Another aspect of the disclosed embodiments relates to a method that includes transmitting a request for access to a content from a second device to a first device, where the first device operating in a network. This method also includes performing device
  • FIG. 10 Another aspect of the disclosed embodiments relates to a device that comprises a processor and a memory, including processor executable code.
  • the processor executable code when executed by the processor configures the device to transmit a request for access to a content from a second device to a first device, the first device operating in a network, and to perform device authentication to ascertain a trusted status associated with the first device.
  • the processor executable code when executed by the processor further configures the device to determine an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
  • the computer program product includes program code for transmitting a request for access to a content from a second device to a first device, where the first device operates in a network.
  • the computer program product also includes program code for performing device authentication to ascertain a trusted status associated with the first and device, and program code for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
  • An aspect of the disclosed embodiments relates to a method that comprises receiving a device authentication certificate at a first device from a second device and verifying an authenticity of the certificate. This method also includes ascertaining capabilities of the second device and determining an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
  • the certificate contains information indicative of at least a portion of the capabilities of the second device.
  • the certificate is a digital transmission content protection over Internet protocol (DTCP-IP) certificate, and the information regarding the capabilities of the second device is carried as part of that DCTP-IP certificate.
  • DTCP-IP digital transmission content protection over Internet protocol
  • at least a portion of the capabilities of the second device is ascertained from a source other than the certificate. For example, at least a portion of the capabilities of the second device can be received through an additional communication with the second device.
  • the ascertained capabilities of the second device includes a capability to conduct some or all of the watermark extraction operation and/or content screening operations.
  • the operational configuration can designate the second device to perform at least one of the watermark extraction and content screening operations.
  • the ascertained capabilities of the second device include a capability to grant computational and memory resources to other devices.
  • the above-noted method further includes receiving a device authentication certificate at the second device from the first device, verifying the authenticity of the certificate received from the first device and ascertaining capabilities of the first device.
  • the certificate that is received from the first device contains information indicative of at least a portion of the capabilities of the first device.
  • the certificate that is received from the first device is a digital transmission content protection over Internet protocol (DTCP-IP) certificate and the information regarding the capabilities of the first device is carried as part of that DCTP-IP certificate.
  • DTCP-IP digital transmission content protection over Internet protocol
  • at least a portion of the capabilities of the first device is ascertained from a source other than the certificate. For instance, at least a portion of the capabilities of the first device can be received through an additional communication with the first device.
  • the ascertained capabilities of the first device comprise a capability to conduct some or all of the watermark extraction and/or content screening operations.
  • the ascertained capabilities of the first device comprise a capability to grant computational and memory resources to other devices.
  • the determination of the operational configuration for conducting watermark extraction and/or screening operations is conducted in accordance with the ascertained capabilities of the first device and the second device.
  • the operational configuration designates the first device to perform at least one of the watermark extraction and the content screening operations.
  • the operational configuration designates the first and the second devices to collaboratively perform the watermark extraction and the content screening operations.
  • the operational configuration designates at least one of the first and the second devices to conduct the watermark extraction and content screening operations in accordance with a factor selected from the group consisting of: availability of computational resources, availability of watermark extraction and screening capabilities, integration complexity for a device manufacturer, consumer experience, processing performance, and an overall preference ranking.
  • at least one of the first and second devices are configured to operate in a home network.
  • a home network can be a digital living network alliance (DLNA) network.
  • DLNA digital living network alliance
  • the processor executable code when executed by the processor configures the device to receive a device authentication certificate at a first device from a second device and verify an authenticity of the certificate.
  • the processor executable code when executed by the processor also configures the device to ascertain the capabilities of the second device and determine an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
  • the computer program product comprises program code for receiving a device authentication certificate at a first device from a second device and program code for verifying an authenticity of the certificate.
  • the computer program product also includes program code for ascertaining capabilities of the second device and program code for determining an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
  • Another aspect of the disclosed embodiments relates to a device that comprises means for receiving a device authentication certificate at a first device from a second device and means for verifying an authenticity of the certificate.
  • the device also includes means for ascertaining capabilities of the second device and means for determining an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
  • Another aspect of the disclosed embodiments relates to a method that includes detecting an operation in a content handling device, where such an operation requires access to a content.
  • the method also includes retrieving an existing watermark extraction record associated with the content and authenticating the content in accordance with the existing watermark extraction record.
  • This method also includes effecting content screening in accordance with usage rules associated with the content.
  • the operation that requires access to the content can be at least one of: a copying operation, a transferring operation, a rendering operation, a playback operation and a recording operation.
  • the existing watermark extraction record is retrieved from a location outside of the content handling device.
  • a location is at least one of: a private virtual locker on a cloud, a universal virtual locker on a cloud, a storage on a device that is compliant to DLNA (Digital Living Network Alliance) within a home network, a storage location within a digital living network alliance (DLNA) compliant network, a storage location within another device that is communicatively connected to the content handling device and a removable computer-readable storage medium.
  • DLNA Digital Living Network Alliance
  • the existing watermark extraction record comprises at least one of: an extracted watermark payload, a number of extracted watermarks, a time stamp associated with an extracted watermark payload, a content authentication information, a digital signature associated with the extraction record, the usage rules associated with the content, and an enforcement action associated with the usage rules and an extracted watermark payload.
  • the method can further include producing a new watermark extraction record.
  • the usage rules can prescribe an enforcement action in accordance with a result of the new watermark extraction operation.
  • the prescribed enforcement action can be stored as part of the new watermark extraction record.
  • the usage rules prescribe an enforcement action in accordance with the existing watermark extraction record.
  • the content screening comprises at least one of: muting at least a portion of the content, blanking at least a portion of the content, displaying a copyright notice, denying access to the content, and deleting the content.
  • the content handling device is digital living network alliance (DLNA) compliant device.
  • the operation that requires access to the content requires realtime access to the content.
  • the existing watermark extraction record comprises a segmented authentication information corresponding to a plurality of content segments, and the authentication is carried out for at least a segment of the content in accordance with the segmented authentication information.
  • the existing extraction information can accompany a streaming content.
  • the segmented authentication information comprises a segmented hash value.
  • the authentication is carried out for sequential segments of the content, while in a different example, the authentication is carried out for non- sequential segments of the content.
  • the screening is effected by evaluating the information contained within the existing watermark extraction record in conjunction with content use information associated with a predetermined time period.
  • the content use information can comprise an extracted watermark payload and an associated time stamp within a time interval immediately preceding the detection of the operation that requires content access.
  • the operation that requires content access in the content handling device requires access to a plurality of contents, where one or more of the plurality of the contents have a size below a particular threshold.
  • the content screening is effected by first concatenating the plurality of the contents with a size below the particular threshold and conducting a new watermark extraction operation on the
  • the content screening is further effected by aggregating the results associated with the new watermark extraction operation and the information obtained from the existing watermark extraction record that correspond to one or more of the plurality of the contents with a size above or equal to the particular threshold. These operations are followed by producing an enforcement action in accordance the aggregated results.
  • the processor executable code when executed by the processor configures the device to detect an operation in a content handling device, where such an operation requires access to a content.
  • the processor executable code when executed by the processor further configures the device to retrieve an existing watermark extraction record associated with the content.
  • the processor executable code when executed by the processor also configures the device to authenticate the content in accordance with the existing watermark extraction record and effect content screening in accordance with usage rules associated with the content.
  • the computer program code comprises computer code for detecting an operation in a content handling device, where such an operation requires access to a content.
  • the computer program product also includes computer code for retrieving an existing watermark extraction record associated with the content, computer code for authenticating the content in accordance with the existing watermark extraction record, and computer code for effecting content screening in accordance with usage rules associated with the content.
  • Another aspect of the disclosed embodiments relates to a device that comprises means for detecting an operation in a content handling device, where such an operation requires access to a content.
  • the device further comprises means for retrieving an existing watermark extraction record associated with the content.
  • the device also includes means for authenticating the content in accordance with the existing watermark extraction record and means for effecting content screening in accordance with usage rules associated with the content.
  • FIG. 1 is a block diagram of a content handling device in accordance with an example embodiment
  • FIG. 2 is a flow diagram of certain watermark extraction and content screening operations in accordance with an example embodiment
  • FIG. 3 is a flow diagram of certain watermark extraction operations in accordance with an example embodiment
  • FIG. 4 illustrates a block diagram of a invocation model device configuration in accordance with an example embodiment
  • FIG. 5 illustrates a block diagram of a delegation model device configuration in accordance with an example embodiment
  • FIG. 6 illustrates a block diagram of a content server and content client device configuration in accordance with an example embodiment
  • FIG. 7 illustrates an authentication procedure in accordance with an example embodiment
  • FIG. 8 illustrates collaborative watermark extraction and content screening operation in accordance with an example embodiment
  • FIG. 9 illustrates a block diagram of a content distribution architecture in accordance with an example embodiment.
  • FIG. 10 illustrates a block diagram of an exemplary device that can accommodate the disclosed embodiments.
  • exemplary is used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word exemplary is intended to present concepts in a concrete manner.
  • DLNA Digital Living Network Alliance
  • CE interoperable consumer electronics
  • PC personal computers
  • mobile devices in the home and on the road, enabling a seamless environment for sharing and growing new digital media and content services.
  • DLNA is focused on delivering interoperability guidelines based on open industry standards to complete the cross-industry digital convergence.
  • DRM Digital rights management
  • Link Protection is the only content protection mechanism in DLNA, which is an optional implementation for a DLNA-compliant device.
  • the primary use case for Link Protection applies to a commercial content that is stored on a media server and protected by a DRM technology.
  • Link Protection provides that such a content can be decrypted and re- encrypted using a Link Protection technology by the media server before being sent to a client device (such as a television). The client device then decrypts the received content and renders/displays it.
  • DLNA Link Protection thus enables view-only sharing of commercial content on all devices in, for example, a home network.
  • Link Protection is not able to prevent pirated commercial content from being shared and consumed in the home network.
  • DLNA- enabled content sharing can result in easier and wider sharing of pirated content.
  • the absence of an appropriate content protection in DLNA has been a barrier for commercial content to be made widely available in DLNA-compliant networks.
  • the disclosed embodiments utilize watermarks that are embedded within a host content to identify unauthorized or pirated content in a network, such as DLNA-compliant networks, and to enable the communication and enactment of use policies for content across a broad range of distribution channels and devices.
  • screening and/or content screening are used to refer to operations that include, but are not limited to, examination of a content by a device to determine whether a use conforms to a content use policy.
  • the content use policy can, for example, include one or more rules governing the use of content, including, but not limited to, the conditions under which certain uses result in the taking of a specified action.
  • extraction can refer to operations that include, but are not limited to, examination of a content to determine the presence of a watermark, and possible assessment of the auxiliary data within the detected watermark. During extraction, the watermark is typically not removed from the content.
  • the disclosed embodiments can also readily accommodate watermark extraction algorithms that remove the embedded watermarks during the extraction process. According to the disclosed embodiments, by way of various operations, such as the extraction of watermarks from a content, the assessment of usage rules associated with the extracted watermarks and the application of appropriate enforcement actions, can be distributed among one or more trusted entities.
  • such enforcement actions include, but are not limited to, the elements of a content use policy that relate to an operation or a function that is performed when a specified type of use occurs.
  • the disclosed embodiments enable a device to determine if another device is trustworthy, and to ascertain the extent of watermark extraction and/or screening capabilities of that device.
  • watermarks can be used to protect audio or audio- visual content from unauthorized uses.
  • movies that are being released to theaters can be embedded with watermarks that carry a "No-Home-Use” (NHU) code, indicating that they are only to be duplicated by professional replicators and played back on professional projection equipment.
  • NHU No-Home-Use
  • content that is released on Blu-ray Disc, DVD, or by authorized download services can be embedded with watermarks that carry a "Trusted Source” (TS) code, indicating that such content is intended for consumer use, but with limitations that they must be protected by trusted DRM technologies.
  • TS Trusted Source
  • content can be embedded with watermarks carrying codes that uniquely identify the content, such as with an industry standard identification code such as the International Standard Audiovisual Number (IS AN), International Standard Recording Code (ISRC), Global Release Identifier (GRID), International Standard Book Number (ISBN), Universal Product Code (UPC), or a value assigned from another numbering system, and for which a mechanism is provided to use the identification code to "look up" more detailed descriptive information about the content and the permissions (or “rights") associated with its use, such as in a locally stored or online database.
  • an industry standard identification code such as the International Standard Audiovisual Number (IS AN), International Standard Recording Code (ISRC), Global Release Identifier (GRID), International Standard Book Number (ISBN), Universal Product Code (UPC), or a value assigned from another numbering system, and for which a mechanism is provided to use the identification code to "look up" more detailed descriptive information about the content and the permissions (or “rights") associated with its use, such as in a locally stored or online database.
  • the embedded watermarks that are provided in accordance with the disclosed embodiments can be embedded within the audio, video and/or image portions of the content and are designed to remain with the content, wherever it appears, including after copying, conversion to different formats, capturing by a camcorder, and other intentional and unintentional content manipulations.
  • Content handling devices such as Blu-ray Disc players, can detect the presence of the embedded watermarks and limit the use of the content when certain unauthorized uses are identified. For example, playback or copying of unauthorized copies of the content may be stopped or an audio portion of the content may be muted, depending on which embedded code is extracted and what operation is being performed by the content handling device.
  • watermark extraction prior to the use (e.g., playback, copying, transmission, display, etc.) of the content.
  • the watermark extraction operation is sometimes referred to as "background" watermark extraction.
  • a watermark extraction operation that is conducted prior to the usage of a content can produce an extraction record for secure storage in order to reduce the need for real-time extraction on the same content at the time of a future use.
  • a real-time extraction is performed on content at the time that content is being used.
  • watermark extraction can also be real-time extraction.
  • an extraction record can be created that includes, but is not limited to, information representing the results of a background extraction operation in a form suitable for storage.
  • background in the context of the disclosed embodiments is not intended to convey that the associated operations are necessarily performed through background processing within a multitasking operating system. Rather, background extraction can be performed as part of foreground processing, background processing, or combinations thereof.
  • the content use may be delayed until the watermark extraction process is at least partially completed.
  • watermark extraction and content usage are interleaved in time so that watermark extraction is always ahead of content use.
  • watermark extraction may take place in real-time, during, and in synchronization with, the transfer or the usage of the content.
  • the results of watermark extraction are stored in a secure fashion so that they can be retrieved at a different time, such as at the start of content usage.
  • the watermark extraction is carried out by a watermark extractor that can be configured to extract, process, decode and analyze the embedded watermarks to discern the presence of watermarks and/or to obtain the payload value of the embedded watermarks.
  • the watermark extraction may further include discerning some or all of the usage rules associated with the embedded watermarks.
  • the extraction of watermarks is typically a passive operation that does not affect the integrity of the host content.
  • a watermark extractor which may be implemented in software, hardware and/or firmware, can be further configured to designate potential enforcement actions that must be initiated based on the extracted watermarks and in conformance with the associated usage rules.
  • the content may be purged (i.e., deleted).
  • the content may be preserved and the user may be informed of the content status at a convenient moment (e.g. at the start of a playback attempt).
  • the user may be advised as to one or more recommended corrective actions, such as purchasing a license that allows authorized playback of the content.
  • the above scenarios only provide a few exemplary enforcement actions that may be commenced upon the extraction of one or more embedded watermarks. However, it is understood that additional enforcement actions may additionally or alternatively be effected.
  • the extraction process may produce watermarks that are insufficient to trigger an enforcement action.
  • enforcement rules associated with a trusted source (TS) watermark require the extraction of watermarks over an extended period of time before triggering an enforcement action.
  • TS trusted source
  • an enforcement action logic for a feature movie may require finding the TS watermarks in at least 7 out of 9 sequential 200-second screening intervals in order to trigger an enforcement action.
  • an enforcement logic may require finding the TS watermarks in at least 7 out of 9 sequential 100- second screening intervals in order to trigger an enforcement action.
  • an enforcement logic includes, but is not limited to, the elements of a content use policy that relate to the types of use of content that will result in a specified enforcement action.
  • the stored information must be secured against manipulation in a secure way.
  • digital signatures are used to ensure that the stored information is authentic and free of tampering. It is also desirable to ensure user privacy by preventing unauthorized third parties from accessing the stored information. This can be achieved by utilizing encryption techniques to protect the stored data from unauthorized access.
  • digital transmission content protection over Internet protocol DTCP-IP
  • DTCP-IP digital transmission content protection over Internet protocol
  • all DTCP-IP compliant devices are assigned a unique device identification code and a device public/private key pair.
  • the stored extraction information can be digitally signed by the private key of the DLNA-compliant device and encrypted using the public key of that device.
  • extraction information can include, but is not limited to, information that is obtained from performing an extraction operation. As a result, only that device can create new digital signatures and decrypt the stored extraction information, while anyone with the associated public key can detect tampering attempts to the stored information.
  • FIG. 1 illustrates an exemplary content handling device 100 that may be used to accommodate the disclosed embodiments.
  • the content handling device may conduct one or more operations such as rendering, recording, copying, transferring and/or playback of an input content 102.
  • the input content 102 may be communicated to the content handling device 100 through one or more communication channels comprising wired and/or wireless communication channels, magnetic, optical, Flash and/or other computer readable media, or other sources.
  • the content handling device 100 can be configured to detect the presence of the input content 102.
  • the same or a different component within the content handling device can detect a request for the input content 102 that is received from another entity.
  • the detection of the input content 102 or the reception of a request for the input content 102 can be carried out by a detector/receiver component within the content handling device 100.
  • a detector/receiver component can be part of, or a separate component from, the commutation component 110.
  • a component such as a processor that is executing a program code, within the content handling device 100 can generate such a request for the content and transmit the request to another device through, for example, the communication component 110.
  • the content handling device 100 is DLNA- compliant device, which may be in communication with one or more other DLNA-compliant devices.
  • the content handling device comprises a watermark extractor 104 that screens the input content for the presence of watermarks.
  • the watermark extractor 104 can extract, process, decode and/or analyze the embedded watermarks and to discern the usage rules associated with the embedded content.
  • the content handling device can also include a digital signature generator 106, which can be configured to produce digital signatures in accordance with one or more algorithms.
  • an encryption/decryption component 108 within the content handling device 100 can be configured to encrypt/decrypt some or all of the input content 102 and/or extraction information that is produced by the watermark extractor 104.
  • the encryption/decryption component 108 can be configured to implement a variety of public - and/or private-key encryption and/or decryption algorithms.
  • the content handling device 100 can further include an authentication component 120 that can produce authentication parameters associated with the input content 102, authentication information associated with extraction information, and/or device authentication information (e.g., certificates).
  • the authentication component 120 can include a hash generation component that generates hash values for a sequence of input values.
  • the authentication component 120 can further compare newly generated authentication information with a previously stored authentication information to verify an integrity of a content.
  • the authentication component 120 can be configured to implement a variety of hashing algorithms, such as MD5, SHA-1 and SHA-2.
  • the authentication component 120 may further be configured to carry out the necessary operations to effect device authentication. As such, the authentication component 120 can generate and communicate requests for device authentication, authentication information, exchange authentication certificates and verify the trustworthiness of another device.
  • FIG. 1 also illustrates one or more storage units 112 that can reside within the content handling device 100.
  • Such storage units 112 can store the input content 102 (e.g., in encrypted, partially encrypted or clear format), the information produced by the watermark extractor 104 and the associated indexing information and meta data, content authentication information, compliance rules associated with the usage of embedded content and the associated enforcement actions, as well as computer program code that can be retrieved in order to implement any one of the functionalities of the disclosed embodiments.
  • the storage unit 112 can be in communication with various components of the content handling device 100, such as the watermark extractor 104, the digital signature generator 106, the encryption component 108, the authentication component 120, one or more processors within the content handling device 100 and the like.
  • FIG. 1 also shows a storage unit 118 that may reside outside of the content handling device 100.
  • the outside storage unit 118 which may be in communication with the content handling device 100 through the communication component 110 via the communication link 120, can store some or all of the above noted input content 102, watermark extraction records, as well as other data and program code.
  • the communication component 110 may further allow the content handling device 100, or particular modules or components with the content handling device 100, to communicate with the outside storage unit 188 and/or outside entities and users.
  • FIG. 1 also depicts a compliance enforcer 114 that can be configured to evaluate the enforcement logic associated with the extracted watermarks of a particular content, and enforce the rules associated with enforcement actions.
  • enforcement actions can include aborting the desired operation (e.g., not outputting the output content 116), muting the audio and/or blanking the screen associated with the output content 116, and/or presenting a copyright restriction notice.
  • the content handling device 100 can also include additional components, one or more processors or controllers and additional memory devices that are not explicitly shown in FIG. 1.
  • a component within the content handling device may receive information associated with other devices that can communicate with the content handling device 100. Such information can be received, for example, through the communication component 110.
  • the same, or a separate, component within the content handling device 100 can make decisions regarding the delegation of some or all of the screening operations (such as watermark extraction, screening, etc.) to the components within the content handling device 100 (e.g., to watermark extractor 104, compliance enforcer 114, etc.) and/or to other devices that can communicate with the content handling device 100.
  • the components within the content handling device 100 can be implemented in hardware or software, or combinations thereof.
  • the media handling device 100 of FIG. 1 is depicted as a single device, one or more of the components or modules associated with the content handling device 100 may be implemented as part of a separate device.
  • the watermark extractor 104 may be implemented in a first device that is separate from a second device that implements the compliance enforcer 114.
  • the watermark extraction that is carried out in accordance with the disclosed embodiments can be executed whenever a new content is detected (e.g., within a home network, such as a DLNA-compliant network) and whenever spare resources are available to certain trusted device within the DLNA-compliant network. This way, peak processing loads on any given device can be decreased by distributing the processing load over time and/or over other devices with the home network.
  • the disclosed embodiments further enable background watermark extraction to be carried out in conjunction with other trusted devices that may reside outside of the home network and/or trusted devices that are part of a different network.
  • the background processing operations may be conducted, at least in- part, by trusted devices that reside within a DLNA-compliant network that can, directly or indirectly, communicate with devices that may reside in a non-centralized network of devices in a secure fashion. Further details as to how trusted devices are identified and utilized to carry out all, or part of, the content screening operations will be discussed in the sections that follow.
  • the background watermark extraction is executed with a low priority to ensure the availability of computational and memory resources for other higher- priority operations and to improve user' s experience.
  • extraction records can be indexed by the content file name (which, for example, includes the file folder name or the path to the file), by a universal resource locator (URL) associated with the watermark extraction records.
  • the extraction records can also contain the file size of the associated content. Presence of a new content can be detected by periodically searching for new file names on the device or additional/affiliated devices that may reside within the home network. Alternatively, or additionally, the presence of a new content can be detected whenever the opportunity for watermark extraction arises, such as in situations where spare computational and memory resources become available.
  • FIG. 2 illustrates the operations associated with the generation of extraction information and the usage of such information in accordance with an exemplary embodiment.
  • the process starts at 202, where watermark extraction is performed.
  • the results of the watermark extraction can include the payload value of extracted watermarks and an associated time stamp that designates the temporal location of the extracted watermark within the content.
  • the extraction information can further include a file name, a file size and other information associated with the content.
  • content authentication information is generated. This information can be used to verify that the content has not been modified or tampered with. For example, at 204, a hash value associated with the content can be generated. As will be described in the sections that follow, hash value generation can ensure authenticity of the content and its proper correspondence to the associated extraction information.
  • a digital signature associated with the extraction information is calculated.
  • the digital signature is appended to the extraction information.
  • at least a portion of the extraction information and the associated digital signature are encrypted.
  • only the extraction information is encrypted, while in another example, both the extraction information and the associated digital signature are encrypted.
  • the fully, or partially, encrypted extraction record is then stored on a storage media at 210. Certain additional operations, such as indexing of the content items, compressing the content items, etc., may also be carried out at some point after watermark extraction 202 but before storage of extraction information 208.
  • the stored extraction information may be retrieved at a later instance in time (e.g., at the time of playback of the content).
  • authenticity of the content is verified. Authentication of the content will be described in further details in the sections that follow. If content authentication does not succeed ("NO" at 214), watermark extraction operations are conducted for the content by, for example, returning to block 202. If content authentication succeeds ("YES" at 214), the usage rules associated with the extraction information are checked at 216. For example, the usage rule associated with a No Home Use watermark payload can prevent the playback of the content on a consumer device.
  • the usage rules may be stored at a storage location internal or external to the content handling device.
  • the usage rules may be received from an outside entity, such as a trusted authority.
  • the applicable enforcement actions if any are effected. For example, an audio portion of the output content can be muted, or a copying operation can be aborted.
  • the usage rules associated with the extracted watermarks are stored along with the extraction information in step 210. In these embodiments, prior to the application of the enforcement action at 218, it must be ensured that the stored usage rules are up to date. In another embodiment, the applicable enforcement actions may also be stored along with the extraction information at 210.
  • the operations that are illustrated in the block diagram of FIG. 2 are also applicable to the embodiments where the extraction of watermarks are carried out in real-time (e.g., as the content is being rendered, displayed, etc.).
  • the extraction information, at 202 is produced in parallel with, or slightly earlier than, rendering a particular segment of the content.
  • the extraction information which is stored, at least temporarily, at a storage location, can be accessed to determine if an enforcement action is needed in conformance with the associated usage rules.
  • the creation of a digital signature, at 206, and encryption of the extraction information, at 208 may not be feasible due to a lack of computational resources.
  • the extraction information may be stored within a tamper-resistant portion of the watermark extractor.
  • Implementation of tamper-resistant modules within a device i.e., a software and/or a hardware device
  • FIG. 3 illustrates the operations that are commenced upon the detection of a new content file at a content handling device.
  • a new content is detected when a device encounters a new content and commences the subsequent actions for obtaining the associated extraction records.
  • a "new content” is any content that does not have a matching file and/or path names in the extraction records.
  • a content handling device may monitor certain operations, such as “save” and “import” operations, and trigger additional operations if particular conditions are satisfied.
  • a content that has a matching path and file name is still considered a new content. Referring back to FIG. 3, at 302, the presence of a new content is detected.
  • the file is designated to be subject to watermark extraction at 318.
  • the content can be placed on a waiting list to be processed for watermark extraction.
  • a content file is considered a new file if the file's base name (regardless of the file's full path name) does not exist within the device or an associated entity, such as a connected database. If the content file is not new (i.e. "NO" at 304), it is determined, at 306, if the new content and the existing content have an identical file size.
  • the process moves to 318, where the content is designated for watermark extraction. If, at 306, the file sizes do match (i.e., "YES” at 306), a content authentication operation is triggered at 308 (content authentication procedures will be described in the sections that follow). If content authentication fails (i.e., "NO” at 310), the content is designated for watermark extraction at 318. Otherwise (i.e., "YES” at 310), it is determined, at 312, if the content path name is new (i.e., via comparing the path name of the new content against the existing path name that is saved in the extraction record).
  • the flow diagram of FIG. 3 is intended to facilitate the understanding of the disclosed embodiments. Therefore, additional or fewer steps may be undertaken in order to implement the various embodiments. It should be also noted that in order to facilitate the search for new and/or duplicate files, the stored content files and/or the associated extraction records may be indexed using a variety of indexing techniques and parameters. For instance, the file name may be used as an index for searching a database of content files.
  • the device further verifies if the previously analyzed files (e.g., files that have previously been subjected to watermark extraction) are still present on the device.
  • This process can be executed in association with the process of searching for new files, or it can be performed independently when spare resources are available, or when a delete action is executed on the device. If the content associated with an extraction record is removed from the device, the extraction record may also be removed to conserve memory resources and to reduce the computational efforts in searching through stored extraction records.
  • watermark extraction can be executed at real-time (i.e. on-the-fly). If enough computational and/or memory resources are not available for both the execution of a realtime extraction and usage of the content, the content use can be delayed until the watermark extraction process is at least partially completed. In some examples, watermark extraction and content usage are interleaved in time (e.g., watermark extraction over one segment is followed by usage of that segment) so that watermark extraction is always ahead of content use. [0081] An important security consideration is the possibility of content modifications or substitutions after the watermark extraction has been completed.
  • an unmarked content may be initially imported, and then an external program may attempt to replace watermark-bearing component of the content with a new content (which may have embedded watermarks).
  • a new content which may have embedded watermarks.
  • an attacker may intentionally preserve the same file name and file size to prevent the content from being designated for watermark extraction.
  • the device must authenticate the content before using the stored extraction information. This operation was previously described in connection with step 212 in FIG. 2.
  • Content authentication can be quickly and securely carried out using one-way cryptographic hash function such as MD5, SHA-1 or SHA-2.
  • a hash value is calculated and saved together with the extraction results, as depicted in FIG. 2, steps 204 to 210.
  • a hash value for the content is computed and compared to the previously stored hash value (e.g., at 212 in FIG. 2). If the newly computed values match the stored hash values, the content is deemed to be authentic and, therefore, the associated extraction information can be used to effect any applicable enforcement actions.
  • the usage of the content may be fully or partially disabled (e.g., copying aborted, playback stopped, copyright notice displayed, etc.). Additionally, or alternatively, the content can be designated to undergo a new watermark extraction operation (see, e.g., FIG. 2, "NO” at step 214 and Fig. 3, "NO” at step 310).
  • the content authentication information (e.g., a hash value) is produced (e.g. at step 204 in FIG. 2) when the content is in encrypted format.
  • content authentication is conducted (e.g., at step 212 in FIG. 2), there is no need to decrypt the content before verifying the content' s authenticity. Therefore, at the moment of content use, the disclosed embodiments only require the generation of the content authentication information (e.g., a hash value) rather than undertaking a full watermark extraction operation.
  • This aspect of the disclosed embodiments provides a substantial improvement in efficiency of operations of a content handling device, especially in cases where content transformations, such as decryption, decompression, de-multiplexing etc., are required prior to watermark extraction.
  • Many hash functions can be implemented efficiently in hardware and/or software.
  • the stored extraction information must be decrypted in order to retrieve the stored hash values.
  • the size of the stored watermark extraction record is relatively small, such a decryption operation is not likely to present a significant processing burden.
  • This requirement is related to an attack where a pirate tries to substitute a marked content with an unmarked content, which has the same hash value, in order to create an extraction-free watermark extraction report.
  • the attacker may attempt to replace the unmarked content with a marked content with the same hash value to avoid the screening of marked content.
  • further reductions in processing load associated with hash function calculation can be achieved by selecting only a subset of data from the content to be input to hash function calculation.
  • the selection process is maintained as a secret.
  • random content segments can be selected using a random number generator that uses the device private key as a seed.
  • the disclosed embodiments further provide for the operation of a content handling device by considering security concerns related to mosaic attacks.
  • a mosaic attack is defined as breaking up a content into multiple segments such that each content segment can individually evade an enforcement action.
  • a content is divided into segments that are individually subject to watermark extraction.
  • the segments are assembled again for presentation to the user using, for example, a playlist feature at content rendering instance.
  • a coarse mosaic attack typically involves producing relatively large content segments. For example, a feature movie may be segmented into several 10-minute chunks in order to avoid Trusted Source (TS) enforcement on individual segments. This attack can be successful for a TS-marked content since, as noted earlier, repeated watermark extractions in several content segments are required to trigger an enforcement action.
  • TS Trusted Source
  • a coarse mosaic attack can be circumvented in a compliant device by safely storing the content use history associated with that device, and subsequently retrieving and analyzing the content use history with each new content use.
  • the content use history provides a record of all watermark extractions, together with an associated time stamp, within a predefined interval (e.g., for at least the last 20 minutes content use by the device). Watermark extraction results for any new content use can then be appended to the retrieved content use history data in order to evaluate if an enforcement condition is present.
  • the evaluation of an enforcement condition can be based on an aggregate of a retrieved content use history and the extraction record for each item on the playlist in the listed order. This way, the enforcement condition can be efficiently evaluated without having to conduct a real-time watermark extraction operation content use commences.
  • Another attack scenario relates to a fine mosaic attack, in which a content is divided into a large number of segments with fine granularity such that watermark extraction from each individual segment is not feasible.
  • a fine mosaic attack implies a significant overhead due to small file handling and, therefore, may not be practical for many devices.
  • a feature movie may be segmented into one-second clips and saved as a string of independent files that are later concatenated using some kind of playlist function.
  • fine mosaic attacks can be effectively thwarted by properly recognizing the presence of such an attack.
  • the existence of content files below a certain size limit triggers a fine mosaic countermeasure.
  • the detection of audio-visual content files that are less than five seconds long may be a flag that triggers fine mosaic countermeasures during a watermark extraction process.
  • a fine mosaic attack is thwarted by requiring watermark extraction over a number of concatenated files provided in a playlist.
  • Watermark extraction over the concatenated files can be carried out prior to the content use, or in real-time, during the content use.
  • the concatenated file contains a mix of files below and above the size limit
  • watermark extraction is performed only for the set of adjacent short files with a total length above the size limit. The result of this extraction process can be combined with the results of extraction information for the files above the size limit (which should have been previously conducted), and used for enforcement logic evaluation and/or enforcement.
  • an advanced watermark extractor may be instantiated upon the detection of a fine mosaic attack.
  • the advanced extractor can perform the bulk of the processing in the background mode, and save intermediate data for future use.
  • the intermediate data can consist of content features that are relevant for watermark extraction and have a size that can be much smaller than the original content. This feature of the disclosed embodiments can result in a significant reduction in the usage of computational and memory resources. Therefore, upon the detection of a fine mosaic attack, the device can quickly and efficiently extract the embedded watermarks just by evaluating the intermediate data as opposed to attempting to extract the watermarks from the original content.
  • the intermediate data can comprise correlation values between a known spread spectrum carrier and the content samples with a particular granularity.
  • the intermediate data is concatenated, watermark extraction is attempted and enforcement condition is evaluated based on any watermarks extracted from the intermediate data.
  • the concatenated file contains a mix of files that are below and above the size limit
  • the intermediate data concatenation and watermark extraction are needed only for the set of adjacent short files with total length above the size limit. The result of this extraction process can be combined with the extraction information associated with the files above the size limit, and used for enforcement logic evaluation and/or enforcement.
  • FIG. 4 illustrates an exemplary embodiment in which an invocation model is used to enable cooperative watermark extraction.
  • a master device 404 which receives an input content 402, is tasked with performing an operation (e.g., copying, transferring, playing, recording, etc.) that produces an output content 406.
  • the master device 404 invokes a slave device 412 to perform watermark extraction on a selected content 408 that is communicated to the slave device 412.
  • the master device 404 receives the extraction information 410 and decides if the selected content 408 will be delivered to the destination device and/or if additional enforcement actions, such as muting or displaying a warning message, are warranted.
  • This invocation model can be applied in situations where the master device 404 doesn't have the capability of watermark extraction or it is overloaded (e.g. in case of multiple instances of streaming or watermark extraction tasks) or it does not have appropriate codecs to handle the selected content.
  • FIG. 5 illustrates another exemplary embodiment in which a delegation model is used to enable cooperative watermark extraction.
  • a delegating device 504 which is tasked with performing an operation on an input content 402 (e.g., copying, transferring, playing, recording, etc.), completely delegates the watermark extraction to a delegated device 510.
  • the delegated device 510 receives the selected content 508 from the delegating device 504 and performs the watermark extraction operations.
  • the delegated device 510 further decides whether or not to forward the requested content (i.e., the trusted content 512 if the decision is made to forward the content) to a destination device 514 in accordance with usage rules associated with the extraction information 514.
  • the delegated device performs the watermark extraction and screening operations while streaming the content until the usage rules limit the use of the contents (e.g. stop of the streaming or muted audio).
  • the transfer of the content to the destination may start only after the partial or full completion of the watermark extraction and screening.
  • the delegated device 510 may or may not return the extraction information 514 to the delegating device 504 (this optional operation is depicted by the dashed arrow in FIG. 5 that starts from the delegated device 510 and terminates at the delegating device 504).
  • the delegating model can be used in various scenarios where the delegating device 504 doesn't have the capability of watermark extraction or it is overloaded (e.g.
  • this model is useful in the scenarios where the presence of a bridge device (e.g., the delegated device 510) is needed to enable a content transformation, such as converting a high-definition content to an MPEG-4 mobile version, and the like.
  • a bridge device e.g., the delegated device 510
  • a content transformation such as converting a high-definition content to an MPEG-4 mobile version, and the like.
  • the devices that may cooperatively perform screening may be aware of the codecs capability bilaterally or unilaterally. They may inquire or exchange the codecs capability before or at the beginning of the transfer of the selected content. For example, in DLNA that adopts HTTP protocol for content transfer, a device uses the MIME-TYPE values that are defined in DLNA Media Format Profiles as values for Content- Type in a HTTP request or response to specify the codecs of the requested content. Other content transfer protocols such as RTP (Real-time Transport Protocol) also support exchange of codecs capability.
  • RTP Real-time Transport Protocol
  • the sender of the selected content (either master device 404 or delegating device 504) is not aware of the codec capability of a receiving device (either a slave device 410 or a delegated device 510). In some embodiments, in such situations, if the receiving device does not have the appropriate codecs that are required to process the requested content, the receiving device informs the sender of the exception immediately (as part of extraction information 514). The receiving device may also optionally request the sender to convert and re-transfer the content in a media format that can be processed by the receiving device.
  • cooperative watermark extraction in accordance with the disclosed embodiments can be implemented in situations where a first device accesses the content and a second device renders (e.g., displays) that content.
  • the content-accessing device is usually unable to interpret the content, while the rendering device (which is, of course, able to interpret the content) is not trusted.
  • the content-accessing device may initiate a search to discover a trusted device that can interpret the content.
  • a trusted device must also be able to execute watermark extractions at a rate faster than, or equal to, the real-time rendering of the content.
  • the trusted device may, for example, be identified by consulting a list of trusted devices that can be securely accessed by the content-accessing device. Such a list can also be communicated securely to the content accessing device from a trusted authority.
  • the list is created during device discovery based on UPnP (Universal Plug and Play) networking protocols.
  • UPnP Universal Plug and Play
  • DLNA uses UPnP for discovery and description of device types and capabilities.
  • a device authentication procedure is commenced to verify the trustworthiness of a device and to ascertain its capabilities. Device authentication procedures will be further described in the sections that follow.
  • the extraction results and/or enforcement events that are produced by the trusted device may be returned to the content accessing device for further action and/or secure storage.
  • the above-noted real-time watermark extraction scenario can be considered an example of the invocation model described above.
  • This example scenario allows a commercial content to be delivered on a legacy rendering device (e.g. DLNA TV without a watermark extractor).
  • incentives may be provided by the content owners, Pay TV companies and Over-the-top (OTT) and on- demand content providers to the users who render the premium content directly on a trusted rendering device.
  • OTT Over-the-top
  • a flag in a DRM-protected commercial content may be inserted by the content distributor to indicate that the content must be rendered by a trusted client.
  • a delayed watermark extraction operation may, nevertheless, be conducted whenever the necessary resources become available.
  • the results that are produced by the delayed watermark extraction operation may be stored as part of the extraction record for that content.
  • the watermark extraction record may be stored at a database, where it can be accessed in the future by one or more trusted devices. In scenarios that a delayed watermark extraction operation is performed, any subsequent real-time access to that content can be readily screened using the stored extraction records.
  • Another aspect of real-time applications is that only a fraction of the content is made available before its rendering. In these cases, it may not possible to execute watermark extraction, using only locally available resources, prior to the content use. Therefore, as noted earlier, a real-time watermark extraction operation may be needed. In some embodiment, the need for conducting a real-time watermark extraction may be eliminated by providing an extraction record that is produced by a trusted device to accompany the streaming content. As noted earlier, content authentication can ensure the integrity of the content and its proper correspondence with an existing extraction record. However, in the context of a streaming application, full authentication of the streaming content may not be possible during the streaming of the content since the full content only becomes available at the end of the streaming session.
  • authentication of one or more portions of a content is enabled by utilizing segmented hash values.
  • the content is divided into segments of a particular size (e.g., 10 seconds in time or 1MB in size) and a hash value is generated for each content segment and stored together with the corresponding watermark extraction record.
  • a content may be authenticated in smaller units according to the granularity of content segments with the calculated hash values.
  • a received content segment e.g., that resides in a buffer
  • the segments can be selected sequentially and contiguously for authentication as they become available during the streaming operation.
  • a subset of content segments can be selected for authentication.
  • a subset of segments may be selected according to a deterministic pattern (e.g., every third segment is selected) or according to a random/pseudo-random selection pattern (e.g., random selection with uniform distribution).
  • An authentication failure for even one segment, can signal that the content has been manipulated and, therefore, trigger the real-time extraction operation.
  • a detection of content manipulation can abort the content use.
  • a segmented hash value is composed of a sequence of hash values, where each hash value is calculated from a segment of content.
  • the segment can be defined by a fixed time period or fixed byte size of the content.
  • the final content may be padded to produce a segment with the pre-defined fixed size.
  • One exemplary algorithm for generating a segmented hash function is described as follows. Let's assume that C is an audio-visual content, and ci, c 2 , ...c n are consecutive segments of C, or randomly selected segments of C. In case of selection of segments, the flexibility between authentication granularity and performance can be achieved. For example, for better computation performance, fewer segments can be selected.
  • the security of the generated hash values can further be enhanced by providing a segment size that varies within a particular range, as determined by, for example, a random number generator.
  • An exemplary algorithm for generating hash values associated with variable segment sizes is described as follows. Let's assume HF is a hash function that accepts a seed value, s, and a block of data, c technically, to produce a hash value, h n .
  • h 2 HF(h 1 , c 2 );
  • h n HF(h n . 1 , c n ).
  • a hash value, H Hook for a content up to the segment c, (1 ⁇ i ⁇ n) can be calculated as follows.
  • hash function takes the streaming content as a binary stream, regardless of the content format, whether or not the content is encrypted and which cryptographic algorithms are used for the encryption.
  • the disclosed embodiments can be used in conjunction with different hash functions. For example, an MD5 implementation in software on a Pentium 90 MHz computer can process the input data at 45 mega bits per second. To further speed up the hashing process, instead of every byte, some selective bytes from each segment can be taken as the input to the hash function.
  • cooperative watermark extraction in accordance with the disclosed embodiment may be implemented in situations where a content-accessing device lacks the processing power to simultaneously carry out content access, transmission, rendering, and watermark extraction.
  • a content-accessing device lacks the processing power to simultaneously carry out content access, transmission, rendering, and watermark extraction.
  • watermark extraction can be delegated to a capable and trusted device.
  • the extraction information and/or enforcement events may be returned to the content- accessing device for further action and/or secure storage.
  • This real-time cooperative watermark extraction is another example of the invocation model described above.
  • FIG. 6 illustrates another example embodiment, in which a content is delivered to a content client device 604 by a content server 602.
  • the content server 602 and/or the content client device 604 may be in communication with a storage unit 606, a slave device 608 and/or a delegated device 610.
  • the content server 602 and/or the client content device 604 may communicate as a master device with the slave device 608, as discussed earlier in connection with the invocation model of FIG. 4.
  • the content server 602 and/or the client content device 604 may communicate as a delegating device with the delegated device 610, as discussed earlier in connection with the delegation model of FIG. 5.
  • the communication links 612 that are depicted in FIG. 6 enable communications of content, extraction information and other information between the devices that are shown in FIG. 6.
  • one or more of the communication links 612 can allow secure communications (e.g., through link encryption) between the different devices.
  • one or more of the content server 602, content client device 604, storage unit 606, slave device 608 and delegated device 610 may reside within a home network, such as a DLNA. In other embodiments, one or more of the content server 602, the content client device 604, the storage unit 606, the slave device 608 and the delegated device 610 may reside outside of a home network.
  • the content handling devices that are depicted in FIG. 6 may reside within a network (such as a DLNA-compliant network) that can include a plurality of other server devices, client devices, storage units and the like, that can, directly or indirectly communicate with each other.
  • the devices that are located within such a network may be in communication with a plurality of other devices that reside outside of the network.
  • a gateway device 614 may be in communication, through a communication link 612, with one or more of the other devices that are depicted in FIG.
  • the gateway device 614 can, for example, coordinate the operations of various devices to facilitate watermark extraction, transfer of extraction records, authentication operations, communication and/or acquisition of trusted device lists, and the like. Further details regarding the operations of the gateway device 614 will be discussed in the sections that follow.
  • a large number of content handling devices such as the ones that are depicted in FIG. 6, may be in communication with one another to exchange content files or to conduct other operations.
  • content handling devices may be in communication with one another to exchange content files or to conduct other operations.
  • FIG. 7 illustrates an authentication procedure that may be carried out between Device A 702 and Device B 704 in accordance with an example embodiment.
  • Device A 702 transmits its certificate to Device B 704.
  • Device B 704 verifies the received certificate of Device A 702, thereby determining Device A's trustworthiness, as well as some or all capabilities of Device A 702.
  • trusted device authentication enables Device B 704 to verify that the certificate provided by Device A 702 is issued from a trusted authority.
  • Device B 704 may transmit its certificate to Device A 702.
  • Device A 702 determines if Device B 704 is a trusted device and further ascertains Device B's capabilities.
  • the authentication process can include additional operations that are known in the art. For instance, the authentication process can also include the communication of one or more challenges, and the corresponding responses, between Device A 702 and Device B 704. In some embodiments, these additional operations are conducted to ensure that the communicated information is not being merely copied from cached locations.
  • device authentication may be carried out using a DCTP-IP authentication protocol.
  • DTCP-IP specification includes a mandatory Full Authentication and an optional Extended Full Authentication procedure.
  • DTCP-IP uses Advanced
  • Encryption Standard (AES)-128 for content encryption.
  • Both authentication procedures of DTCP-IP employ a public key based Elliptic Curve Digital Signature Algorithm (EC-DSA) for signing and verification.
  • Device Certificate issued by the Digital Transmission Licensing Administrator (DTLA) i.e., the licensing administrator and developer of DTCP-IP
  • DTLA Digital Transmission Licensing Administrator
  • All compliant devices are also assigned a unique Device ID and device public/private key pair generated by the DTLA.
  • the Device Certificate comprises a plurality of fields that include information regarding certificate format, Device ID, digital signature, DTCP public key and the like.
  • the use of DTCP-IP authentication protocol allows the authenticating device to confirm that the authenticated device is in possession of private keys issued by the DTLA after certifying that the device is compliant.
  • some of the reserved bits associated with a DTCP-IP Device Certificate may be used to signal the device's content screening (e.g., watermark extraction and enforcement) capabilities. Therefore, such a Device Certificate can be used to determine if a device is a trusted device and to obtain information regarding the device's screening capabilities. In other embodiments, additional information such as a location of an extraction record database may be exchanged between the two devices. The devices may further exchange information regarding their processing and storage capabilities.
  • content screening e.g., watermark extraction and enforcement
  • device authentication may employ remote attestation to obtain increased assurance that the authenticated device is compliant.
  • Remote attestation employs a cryptographic protocol between the authenticating and authenticated devices to enable the authenticating device to establish that the authenticated device was certified as compliant and has not been modified.
  • the protocol requires that the authenticated device perform specific computations (or "measurements") of its internal processing state (such as computing hashes of data or code or performing timing measurements on its computing operations) whose results provide the authenticating device with certainty that its operation at the time of measurement match those that were performed at the time the device was certified as behaving in a compliant manner.
  • remote attestation may be performed using a "hardware root of trust” such as a Trusted Platform Module (TPM) or other secure processing unit.
  • TPM Trusted Platform Module
  • a TPM is a hardware device that can securely store passwords, certificates, encryption keys, and other values in an internal memory and apply a very limited set of cryptographic primitives to those values, based on instructions and other data values received from a more general purpose computer processor such as a CPU.
  • the values stored in internal memory of a TPM are maintained as secret and can only be accessed through the limited cryptographic functions of the TPM.
  • the TPM typically is contained in a separate computer chip from the CPU (such as affixed to the motherboard of a PC) but may also be incorporated into a system-on-a-chip that contains both the TPM and one or more CPU and other hardware functions. Storing this data on the hardware chip, instead of on a computer hard drive or within memory directly accessible by a general purpose CPU enables the establishment of a "hardware root of trust" for the device's behavior and significantly increases the security of the entire platform. This hardware storage location ensures that the stored information is more secure from external software attack and physical theft.
  • TPM provides three kinds of security functionality: 1) secure storage of any data that is encrypted by keys only available to the TPM; 2) measurement and reporting of integrity of platform including BIOS, boot sector, operating system and application software; and 3) authentication of a platform or application-specific data via digital signatures using signing keys that are protected by TPM.
  • a trusted party e.g.. the Certificate Authority
  • Such certificates that are also protected by TPM are used to prove that a signing key really does belong to a valid TPM.
  • Two devices with TPM-protected certificates and signing keys may carry out the authentication process in the same matter as discussed above based on DTCP-IP
  • a TPM-enabled device may authenticate another non-TPM-enabled device. Such authentication may result in unequal trustworthiness which then can be used by a service provider to offer distinct services. For example, a high- value content (e.g., a high-definition or an earlier release of a content) may only be delivered to TPM-enabled devices while other content can be delivered to both TMP-enabled and non-TPM-enabled devices.
  • a high- value content e.g., a high-definition or an earlier release of a content
  • the TPM contains a number of 160-bit registers called platform configuration registers (PCRs) to measure and report the status of a platform' s environment in a trusted matter.
  • PCRs platform configuration registers
  • An executable program can measure another program by computing its hash code and combine the current measurement with the hash value and store the combination in a PCR.
  • PCRs represent an accumulated measurement of the history of executed programs from power-on to the present.
  • Such a chain of trust provides a powerful defense against malicious programs, such as viruses, spyware and attacks on vulnerable programs. It can also be used to detect and disable unauthorized programs such as pirated software or unlawful programs.
  • a software media player especially in a PC environment, has been a weak point in most content protection systems. Extending the chain of trust to the media player on a TPM platform strengthens the security by enabling the detection and further disabling of unauthorized programs and/or modifications to the software player.
  • TPM can create migratable or non-migratable keys for data encryption. Migratable keys never leave the TPM that creates them while migratable keys can exported to other platforms (devices). Therefore, a content can be locked into a TPM-enabled device by encrypting the content using a TPM-created non-migratable key so that the content can only be decrypted and played on that device. This is understood to be but one approach to performing remote attestation using a "hardware root of trust.” However, other methods and devices which are currently known, or may become known in the future, may be used to accomplish the purpose of device authentication.
  • watermark extraction can include, but is not limited to, the extraction of watermarks, the calculation of content authentication information, the generation of digital signatures, and the storage of the results in a secure location.
  • Screening can include, but is not limited to, the verification of content authenticity, the acquisition and verification of usage rules and the implementation of enforcement actions (if needed). It is also understood that some overlap between watermark extraction and screening operations can exist. For example, certain operations, such as the acquisition and verification of compliance rules, can be conducted as part of one or both the watermark extraction and the screening operations. Therefore, the above-noted division of operations is merely presented to facilitate understanding of the underlying concepts and is not intended to limit the scope of the disclosed embodiments.
  • watermark extraction and screening operations can be conducted by one or more devices that may reside within and/or outside of a home network.
  • Table 1 provides a listing of how the responsibility of watermark extraction and screening can be shared among the various devices in eight exemplary scenarios.
  • Table 1 illustrates that, in scenario 1, both the watermark extraction and screening operations are carried out at the content client device while, in scenario 4, both operations are carried out at the content server.
  • the watermark extraction and screening operations are conducted through cooperation of the content client device, the content server, a delegated device and/or a slave device.
  • the content client device invokes a slave device which conducts the watermark extraction.
  • a slave device can be another trusted content client device or trusted server device with watermark extraction capabilities.
  • the content client device which is a trusted device, delegates both the watermark extraction and screening operations to a trusted delegated device.
  • Scenarios 4 through 6 provide analogs of scenarios 1 through 3.
  • the content server is the responsible device which may undertake the screening operations on its own, invoke a slave device to conduct the screening operations, or delegate these operations to a delegated device.
  • the content server conducts the watermark extraction operation and the content client device performs the screening.
  • the content client device conducts the watermark extraction operation and the content server performs the screening.
  • Table 1 do not provide an exhaustive listing of all cooperative scenarios.
  • scenario 7 can be constructed where the watermark extraction is implemented by the content server through invocation of a slave device.
  • selection of one or more trusted devices to conduct a particular operation in cooperation with one or more trusted devices can be influenced by a variety of factors, such as the user preferences, complexity of implementation and the like.
  • Table 2 provides an exemplary evaluation of the eight scenarios of Table 1 based on six different factors.
  • Table 2 provides a rough assessment of the merits for each configuration of devices in scenarios 1 through 8.
  • Table 2 further includes a limited number of factors for illustration purposes. However, it is understood that additional factors, such as computational load and memory capabilities of each device, preferences of the content owner and the like, can also be considered in making an assessment of each scenario.
  • the right-most column of Table 2 provides an overall preference ranking for each scenario. This overall ranking may be produced by considering all the evaluated items that are listed in Table 2 and/or additional factors that are not listed in Table 2. In one embodiment, such an overall preference ranking is used as a default setting, which prescribes a particular configuration of devices in the absence specific instructions that favors other configurations.
  • FIG. 8 is a flow diagram associated with watermark extraction and screening operations that are conducted in a collaborative fashion in accordance with an exemplary embodiment.
  • a request for access to a content is detected. Such a request is typically initiated by a content client device and is directed to a content server. However, in some examples, the requests may be communicated between content client devices, content servers and/or other devices.
  • device authentication is performed. For example, a device authentication that was described in connection with FIG. 7 may be performed to determine the trusted status of the devices and to obtain certain device capabilities. If it is determined, at 806, that both devices are trusted (i.e., "YES" at 806), certain device capabilities may be optionally exchanged between the two trusted devices at 808.
  • device authentication and acquisition of device capabilities may be conducted in separate steps. For example, certain device capabilities, such as whether or not a device can perform watermark extraction or screening, can be ascertained during the authentication step (i.e., at 804), while other device capabilities, such as whether or not a device has spare computational resources to conduct additional operations, are ascertained during a subsequent information exchange operation (i.e., at 808).
  • the two devices collaboratively determine the proper operational configuration. This step allows the division of labor between the two trusted devices (and/or additional trusted devices) based on a desired criterion. For example, an operational configuration that correspond to one of scenarios SI through S8 (see Table 1) can be selected based on a preference that is listed in Table 2. Alternatively, an available operational configuration may be selected with the highest overall preference ranking.
  • watermark extraction and/or content screening operations are conducted by the appropriate devices that were selected at 810.
  • content screening operations at 812 may simply comprise receiving an existing watermark extraction record from a trusted device (or from a secure storage location that is known to a trusted device) and conducting screening in accordance with the received extraction record (e.g., see steps 212 to 218 of FIG. 2).
  • watermark extraction and/or content screening operations can be performed, at 812, by one or more trusted devices.
  • the process moves to 814, where it is determined if only one device is trusted. Such a determination can be made when, for example, a trusted content client device fails to authenticate a content server. Alternatively, as will be described in the sections that follow, a central authority can make such a determination. If only one device is trusted (i.e., "YES" at 814), the trusted device determines the proper configuration for conducting the watermark extraction and/or screening operations, at 816. In doing so, the trusted device may utilize the services of other trusted devices inside or outside of the home network. Upon determining the proper configuration, the process moves to 812, where watermark extraction and/or content screening operations are conducted.
  • the process may be aborted (e.g., content access is denied) at 818.
  • the content may be provided in a protected format (e.g., in encrypted format).
  • the content is delivered in a degraded format. In still other embodiments, only a part of the content is delivered.
  • the operations that are described in FIG. 8 may be repeated, at least in-part, when each device within a home network is attempting to acquire a content, to provide a content, or solicit screening services/information from another device within the home network. Further, the above noted operations may also be carried out when at least one of the devices resides outside of the home network, if a mechanism for authentication between the devices inside and outside of the network exists.
  • Table 3 provides an exemplary listing of device configuration possibilities that is organized based on the trusted status of the two devices and the availability of watermark extraction and screening capabilities at the two devices.
  • SI through S8 represent the device configurations that were previously discussed in connection with the exemplary scenarios 1 through 8, respectively.
  • Table 3 illustrates the availability of different operational configurations based on the trusted status of each device and the available screening capabilities in accordance with an exemplary embodiment. Once it is determined which of the operational configurations are available, a particular configuration can be selected to effect the desired screening operations. For example, as noted earlier, a configuration that provides the best overall preference ranking may be selected.
  • FIG. 9 is an exemplary diagram of different content distribution scenarios involving a compliant content server 902, a non-compliant content server 904, a compliant content client device 906, a non-compliant content client device 908, as well as protected and unprotected content.
  • a protected content can be protected by a content protection mechanism, such as encryption.
  • the protected content can be played by, and is thus delivered to, a compliant content client device 906 that is capable of decrypting the content.
  • a compliant content client device 906 that is capable of decrypting the content.
  • the non-compliant content client device 908 may be able to use the protected content, if, for example, it has acquired the necessary decryption capability.
  • Such a capability can be acquired, for example, illegally (e.g., a device is hacked or encryption keys are stolen), or legally (e.g., if the content owner decides to temporarily grant the capability to a non-compliant client device 908).
  • the unprotected content may be delivered from the compliant content server 902 to the compliant content client device 906, which performs the watermark extraction and/or screening operations.
  • An unprotected content may also be delivered, at 916, from the non-compliant content server 904 to the compliant content client device 906, which screens the content.
  • the compliant content device 906 may employ one of the previously noted cooperative methods to efficiently screen the unprotected content.
  • FIG. 9 also illustrates that an unprotected content may be delivered, at 914, from the compliant content server 902 to a non-compliant client content device 908. In this scenario, the compliant content server 902 performs the necessary watermark extraction and screening prior to delivering the content.
  • the exemplary content delivery architecture that is depicted in FIG. 9 also accounts for the delivery, at 918, of an unprotected content (e.g., a pirated content) from the non- compliant content server 904 to the non-compliant content client device 908.
  • an unprotected content e.g., a pirated content
  • the proliferation of compliant content client devices may be encouraged by providing incentives to the content users.
  • blocking the delivery of protected content (or delivery of a partial content), at 920, to a non-compliant client device 908 can encourage the user to acquire a compliant device.
  • Such an upgrade is facilitated in accordance with the disclosed embodiments, since the non- compliant content client device 908 may only be required to acquire some or all of the screening capabilities. Acquisition of such screening capabilities enables the device to receive protected content (e.g., at 920).
  • the device can receive and screen unprotected content from a non- compliant content server 904.
  • the compliant device e.g. 902 or 906
  • the compliant device does not have the appropriate codecs that are required to perform watermark extraction and/or screening of a content that is encoded in a specific media format.
  • One of the following polices may be applied to this situation: 1) stop the transfer or use of the content; 2) use one of the invocation or delegation models to conduct the watermark extraction and/or screening; 3) allow the limited or unlimited transfer or use of the content (the limitations may include a maximum number of times that such transfer or usage is allowed).
  • cooperative watermark extraction in accordance with the disclosed embodiment may be implemented in situations where a special trusted device (e.g., a "gateway" 614 that is depicted in FIG. 6) coordinates and controls other devices to enable content sharing and consumption, as well as watermark extraction, screening and digital rights management.
  • the gateway device may coordinate watermark extraction, transfer of extraction records, authentication operations, communication and/or acquisition of trusted device lists, and the like.
  • the gateway device typically resides inside of a home network (e.g., a DLNA- compliant network).
  • the communications between the gateway and the various devices are encrypted.
  • the gateway device which may be controlled directly by a service provider, can be responsible for assigning watermark extraction tasks to one or more capable and trusted devices in a home network.
  • the gateway device can be the only device that is authorized to acquire and decrypt a protected content and/or to serve such a protected content in a home network.
  • the gateway device may further be able to control a compliant content server for content discovery, exposure, serving and transport.
  • the gateway device can also control a compliant content client device for content rendering.
  • the gateway device may be, additionally or alternatively, responsible for determining the appropriate operational configurations that are necessary to conduct the various screening operations.
  • the gateway device may also direct and synchronize the trusted devices to conduct the screening operations. For example, the gateway may use one of the invocation and delegation models to effect the necessary screening operations.
  • trusted device authentication operations may also be conducted by the gateway device.
  • the gateway device may maintain a revocation list and may have the authority to revoke the trusted status of a device within the network. Further, the gateway device may retain usage rules associated with different embedded watermarks. Such usage rules may be used to prescribe various enforcement actions. Such usage rules may also be communicated to various trusted devices.
  • the gateway device may also control screening and update the usage rules for policy
  • the gateway device may be in communication with one or more external device (e.g., another gateway device, a content server device, a content client device, etc.) that reside outside of the home network.
  • the gateway device may control the flow of content, authentication information and other information between the home network and the external devices.
  • all watermark extraction records may be stored in a central location that is accessible by the gateway.
  • the watermark extraction records may additionally be duplicated on other devices on a home network. Further improvements in screening efficiency can be achieved by secure and private exchange of watermark extraction records.
  • the exchange must be conducted between trusted devices either within the home network (e.g., a DLNA-compliant network) or from a cloud space via Internet. Exchange of extraction records may occur during the authentication of two devices so that the security, including confidentiality and integrity, is ensured. For example, using the DTCP-IP's authentication protocol, any information (such as the extraction records) can be securely exchanged between the two devices.
  • a need for the exchange of extraction records between two devices may arise if one of the devices does not have the extraction records.
  • the records may be copied from one device onto the other device.
  • an exchange of records may be necessary to merge and synchronize the records of both devices.
  • the exchange of records may be conducted in the following manner. If an extraction record of a content item identified by its file name or hash code on the first device does not exist in the records on the second device, the missing record can be added to the second device (and vice verse). If, on the other hand, a record for the same content item exists on both devices, the record with the latest date and time stamp (e.g., last modification date and time) is used to synchronize the contents of the two devices.
  • the latest date and time stamp e.g., last modification date and time
  • each user has a private virtual locker in the cloud for the extraction records corresponding to the content files in his/her home network.
  • the advantage of this configuration is that the user can ubiquitously access the records to receive permissions to render his/her content.
  • all virtual records from all users e.g., all users in a geographic region or all users of a service provider
  • the extraction records can be indexed by the hash code. Thus, only one record is needed to be stored in the cloud for a content item, from which a unique hash code can be produced.
  • One advantage of such organization is that these records are anonymous and less redundant.
  • only a portion of the extraction records is stored in the cloud.
  • only the extraction records that correspond to successful content access requests are stored in the cloud.
  • only the extraction records that correspond to unsuccessful content access requests are stored in the cloud.
  • the privacy of the users is protected by either using a trusted service or by obfuscating the source of the query.
  • certain users are given enhanced privileges to facilitate access and exchange of extraction records. For example, such privileges may be granted to users with no record of unsuccessful content access requests, whereas users with a history of unsuccessful content access requests may have to accept some delays associated with additional authentication and verification operations.
  • FIG. 10 illustrates a block diagram of a device 1000 within which the various disclosed embodiments may be implemented.
  • the device 1000 comprises at least one processor 1002 and/or controller, at least one memory 1004 unit that is in communication with the processor 1002, and at least one communication unit 1006 that enables the exchange of data and information, directly or indirectly, through the communication link 1008 with other entities, devices and networks.
  • the communication unit 1006 may provide wired and/or wireless communication capabilities in accordance with one or more communication protocols, and therefore it may comprise the proper
  • the exemplary device 1000 that is depicted in FIG. 10 may be integrated into as part of a content handling device 100, a master device 404, a slave device 412, a delegating device 504, a delegated device 510 and/or a destination device 514 that are depicted in FIGs. 1, 4 and 5.
  • any one of the watermark extractor 104, the digital signature generator 106, the encryption component 108, the authentication component 120 and the like may be implemented in software, hardware, firmware, or combinations thereof.
  • the various components or sub-components within each module may be implemented in software, hardware or firmware.
  • the connectivity between the modules and/or components within the modules may be provided using any one of the connectivity methods and media that is known in the art, including, but not limited to, communications over the Internet, wired, or wireless networks using the appropriate protocols.
  • FIG. 1 Various embodiments described herein are described in the general context of methods or processes, which may be implemented in one embodiment by a computer program product, embodied in a computer-readable medium, including computer-executable instructions, such as program code, executed by computers in networked environments.
  • a computer-readable medium may include removable and non-removable storage devices including, but not limited to, Read Only Memory (ROM), Random Access Memory (RAM), compact discs (CDs), digital versatile discs (DVD), etc. Therefore, the computer-readable media that is described in the present application comprises non-transitory storage media.
  • program modules may include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps or processes.

Abstract

Methods, devices, and computer program products facilitate the application of content usage rules based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. The authenticity of various devices can be verified through the exchange of certificates that can further enable such devices to ascertain capabilities of one another. Based on the ascertained capabilities, an operational configuration for conducting watermark extraction and content screening can be determined.

Description

SECURE AND EFFICIENT CONTENT SCREENING IN A NETWORKED
ENVIRONMENT
RELATED APPLICATIONS
[0001] This application claims priority from U.S. Patent Application Nos. 13/080,593, 13/080,605, and 13/080,598, all of which were filed on April 5, 2011. Each of the before- mentioned patent applications claims benefit of U.S. Provisional Application No. 61/383,693 filed on September 16, 2010. The entire contents of the before-mentioned patent applications are incorporated by reference as part of the disclosure of this application.
FIELD OF INVENTION
[0002] The present invention generally relates to the field of content management. More particularly, the disclosed embodiments relate to efficient and secure extraction of watermarks from media content to enable content management.
BACKGROUND
[0003] This section is intended to provide a background or context to the disclosed embodiments that are recited in the claims. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims in this application and is not admitted to be prior art by inclusion in this section.
[0004] Digital watermarks have been proposed and used for copyright protection of signals such as audio, video, images and the like. In a typical watermarking scenario an auxiliary information signal is hidden within a host content in such a way that it is substantially imperceptible, and at the same time, difficult to remove without damaging the host content. The auxiliary information that is hidden within the host content can then allow content management to be carried out to varying degrees. In some embodiments, content management includes, but is not limited to, the management of the use of content in accordance with one or more policies. For example, the auxiliary information may merely convey that the host content is not allowed to be copied (i.e., a "no copy allowed" watermark). Once extracted and interpreted by a compliant device, copying of the content is prevented. A compliant device can include, but is not limited to, a device that performs screening, or otherwise operates in a manner consistent with a content use policy. Content use (or the uses of content) can include, but is not limited to, operations involving content such as playback, copy, record, transfer, stream, or other operations. Additionally, or alternatively, the embedded auxiliary information can identify the rightful owner(s), author(s) and/or author(s) of the content or can provide a serial number associated with the content or other content identifying information. The auxiliary information can also be used for other applications, such as to monitor the usage of the embedded host content, resolve ownership disputes, and keep track of royalties and the like.
[0005] In order to extract and utilize the watermarks embedded in various content, substantial resources such as CPU cycles, digital memory, and communication resources may be engaged. This, in turn, can delay access to the content, increase the cost of manufacturing devices that are designed with a minimum processing load objective, increase battery consumption in mobile devices, etc. The processing burden associated with extracting such watermarks is often exacerbated by a need to perform certain additional content
transformation operations, such as decryption, decompression, de-multiplexing, etc., that are must be performed before watermark extraction can be attempted.
SUMMARY OF THE INVENTION
[0006] This section is intended to provide a summary of certain exemplary embodiments and is not intended to limit the scope of the embodiments that are disclosed in this application.
[0007] The disclosed embodiments improve the efficiency of watermark extraction and the associated processing by reducing the overall resource engagement, utilizing spare resources whenever possible, and distributing resource engagement in time to achieve low peak requirements and optimize cost-performance tradeoff. These and other features of the disclosed embodiments are effected while maintaining appropriate levels of security associated with the usage of watermarks. The disclosed embodiments further enhance the capabilities of connected (e.g., networked) devices to effect watermark extraction, content screening and content management through cooperative efforts. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. Secure and efficient content watermark extraction and content screening operations can be carried out by exchanging certificates between the various devices in a network. The exchanged certificates can further enable the exchange of device capabilities, thereby facilitating the allocation of operational configuration to conduct watermark extraction and content screening operations.
[0008] One aspect of the disclosed embodiments relates to a method that includes receiving a request for access to a content at a first device from a second device, where the first device operates in a network. This method further comprises performing device authentication to ascertain a trusted status associated with one or both of the first and second devices, and determining an operational configuration for performing watermark extraction and/or screening operations using of one or more trusted devices. In one embodiment, the second device is a trusted content client device, and the second device is configured to perform the watermark extraction and screening operations.
[0009] In another embodiment, the second device is also a trusted content client device. But in this embodiment, a trusted slave device is configured to perform the watermark extraction operation and provide information associated with the extraction information to the second device. Moreover, the second device is configured to perform the screening operation. In still another embodiment, where the second device is a trusted content client device, a trusted delegated device is configured to perform the watermark extraction and screening operations.
[0010] According to another embodiment, the first device is a trusted content server, and the first device is configured to perform the watermark extraction and screening operations. In another embodiment, the first device is similarly a trusted content server. However, in this embodiment, a trusted slave device is configured to perform the watermark extraction operation and provide information associated with the extraction information to the first device. Further, the first device is configured to perform the screening operation.
[0011] In another embodiment, where the first device is a trusted content server, a trusted delegated device is configured to perform the watermark extraction and screening operations. In yet another embodiment, the first device is a trusted content server and the second device is a trusted content client device. According to this embodiment, the first device is configured to perform the watermark extraction operation and the second device is configured to perform the screening operation. [0012] In another embodiment, where the first device is a trusted content server and the second device is a trusted content client device, the second device is configured to perform the watermark extraction operation. In this embodiment, the first device is configured to perform the screening operation.
[0013] According to one embodiment, the network in the above described method is a home network. For example, such a home network can be a digital living network alliance (DLNA) network. While in another embodiment, the second device also operates in the network, in another embodiment, the second device operates outside of the network.
[0014] According to one embodiment, the first device is a non-compliant device and the second device is a compliant device. In another embodiment, the first device is a compliant device but the second device is a non-compliant device. In still another embodiment, both the first and the second devices are non-compliant devices.
[0015] Another aspect of the disclosed embodiments relates to a device that includes a processor and a memory, including processor executable code. The processor executable code when executed by the processor configures the device to receive a request for access to a content at a first device from a second device, where the first device operates in a network. The processor executable code when executed by the processor also configures the device to perform device authentication to ascertain a trusted status associated with one or both of the first and the second devices. The processor executable code when executed by the processor further configures the device to determine an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
[0016] Another aspect of the disclosed embodiments relates to a computer program product that is embodied on a non-transitory computer readable medium. The computer program product comprises program code for receiving a request for access to a content at a first device from a second device, the first device operating in a network. The computer program product also includes program code for performing device authentication to ascertain a trusted status associated with one or both of the first and the second devices. The computer program product further includes program code for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices. [0017] Another aspect of the disclosed embodiments relates to a device that comprises means for receiving a request for access to a content at a first device from a second device, the first device operating in a network and means for performing device authentication to ascertain a trusted status associated with one or both of the first and the second devices. Such a device further includes means for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
[0018] Another aspect of the disclosed embodiments relates to a method that comprises receiving a request for access to a content at a gateway device configured to coordinate operations of a plurality of devices within a network. Such a request is received from a second device for access to the content that is accessible to the first device, where the first device is configured to operate within the network. Such a method further includes coordinating, at the gateway device, device authentication to ascertain a trusted status associated with one or both of the first and second devices, and determining, at the gateway device, an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
[0019] In one embodiment, the second device is a device that is configured to operate within the network, while in another embodiment, with the second device is a device that is configured to operate outside of the network. In another embodiment, the gateway device is configured to communicate with the one or more trusted devices to commence the watermark extraction and/or screening operations. In another example, the gateway device is configured to revoke a trusted status of a device within the network. In still other examples, the gateway device is configured to retain usage rules associated with embedded watermarks. In one variation, the gateway device is also configured to communicate the usage rules to various trusted devices.
[0020] Another aspect of the disclosed embodiments relates to a gateway device that comprises a processor, and a memory, comprising processor executable code. The processor executable code when executed by the processor configures the gateway device to receive a request for access to a content at the gateway device that is configured to coordinate operations of a plurality of devices within a network. The request is received from a second device for access to the content that is accessible to the first device, where the first device is configured to operate within the network. The processor executable code when executed by the processor further configures the gateway device to coordinate device authentication to ascertain a trusted status associated with one or both of the first and second devices. The processor executable code when executed by the processor also configures the gateway device to determine an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
[0021] Another aspect of the disclosed embodiments relates to a computer program product, embodied on a non-transitory computer readable medium, that comprises computer code for receiving a request for access to a content at the gateway device that is configured to coordinate operations of a plurality of devices within a network. The request is received from a second device for access to the content that is accessible to the first device, where the first device is configured to operate within the network. The computer program product also comprises computer code for coordinating device authentication to ascertain a trusted status associated with one or both of the first and second devices, and computer code for determining an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
[0022] Another aspect of the disclosed embodiments relates to a device that comprises means for transmitting a request for access to a content from a second device to a first device, the first device operating in a network. This device also includes means for performing device authentication to ascertain a trusted status associated with the first device, and means for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
[0023] Another aspect of the disclosed embodiments relates to a method that includes transmitting a request for access to a content from a second device to a first device, where the first device operating in a network. This method also includes performing device
authentication to ascertain a trusted status associated with the first device, and determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
[0024] Another aspect of the disclosed embodiments relates to a device that comprises a processor and a memory, including processor executable code. The processor executable code when executed by the processor configures the device to transmit a request for access to a content from a second device to a first device, the first device operating in a network, and to perform device authentication to ascertain a trusted status associated with the first device. The processor executable code when executed by the processor further configures the device to determine an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
[0025] Another aspect of the disclosed embodiments relates to a computer program product that is embodied on a non-transitory computer readable medium. The computer program product includes program code for transmitting a request for access to a content from a second device to a first device, where the first device operates in a network. The computer program product also includes program code for performing device authentication to ascertain a trusted status associated with the first and device, and program code for determining an operational configuration for performing watermark extraction and/or screening operations using one or more trusted devices.
[0026] An aspect of the disclosed embodiments relates to a method that comprises receiving a device authentication certificate at a first device from a second device and verifying an authenticity of the certificate. This method also includes ascertaining capabilities of the second device and determining an operational configuration for conducting watermark extraction and/or screening operations associated with a content. In one embodiment, the certificate contains information indicative of at least a portion of the capabilities of the second device. In one example, the certificate is a digital transmission content protection over Internet protocol (DTCP-IP) certificate, and the information regarding the capabilities of the second device is carried as part of that DCTP-IP certificate. In another embodiment, at least a portion of the capabilities of the second device is ascertained from a source other than the certificate. For example, at least a portion of the capabilities of the second device can be received through an additional communication with the second device.
[0027] According to another embodiment, the ascertained capabilities of the second device includes a capability to conduct some or all of the watermark extraction operation and/or content screening operations. In such a scenario, the operational configuration can designate the second device to perform at least one of the watermark extraction and content screening operations. In another embodiment, the ascertained capabilities of the second device include a capability to grant computational and memory resources to other devices. [0028] In one embodiment, the above-noted method further includes receiving a device authentication certificate at the second device from the first device, verifying the authenticity of the certificate received from the first device and ascertaining capabilities of the first device. In one variation, the certificate that is received from the first device contains information indicative of at least a portion of the capabilities of the first device. In one example, the certificate that is received from the first device is a digital transmission content protection over Internet protocol (DTCP-IP) certificate and the information regarding the capabilities of the first device is carried as part of that DCTP-IP certificate. In another example, at least a portion of the capabilities of the first device is ascertained from a source other than the certificate. For instance, at least a portion of the capabilities of the first device can be received through an additional communication with the first device. In another embodiment, the ascertained capabilities of the first device comprise a capability to conduct some or all of the watermark extraction and/or content screening operations.
[0029] In one embodiment, the ascertained capabilities of the first device comprise a capability to grant computational and memory resources to other devices. In one variation, the determination of the operational configuration for conducting watermark extraction and/or screening operations is conducted in accordance with the ascertained capabilities of the first device and the second device. In another embodiment, the operational configuration designates the first device to perform at least one of the watermark extraction and the content screening operations. In still another embodiment, the operational configuration designates the first and the second devices to collaboratively perform the watermark extraction and the content screening operations.
[0030] According to another embodiment, the operational configuration designates at least one of the first and the second devices to conduct the watermark extraction and content screening operations in accordance with a factor selected from the group consisting of: availability of computational resources, availability of watermark extraction and screening capabilities, integration complexity for a device manufacturer, consumer experience, processing performance, and an overall preference ranking. In one embodiment, at least one of the first and second devices are configured to operate in a home network. For example, such a home network can be a digital living network alliance (DLNA) network.
[0031] Another aspect of the disclosed embodiments relates to a device that includes a processor and a memory, including processor executable code The processor executable code when executed by the processor configures the device to receive a device authentication certificate at a first device from a second device and verify an authenticity of the certificate. The processor executable code when executed by the processor also configures the device to ascertain the capabilities of the second device and determine an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
[0032] Another aspect of the disclosed embodiments relates to a computer program product that is embodied on a non-transitory computer readable medium. The computer program product comprises program code for receiving a device authentication certificate at a first device from a second device and program code for verifying an authenticity of the certificate. The computer program product also includes program code for ascertaining capabilities of the second device and program code for determining an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
[0033] Another aspect of the disclosed embodiments relates to a device that comprises means for receiving a device authentication certificate at a first device from a second device and means for verifying an authenticity of the certificate. The device also includes means for ascertaining capabilities of the second device and means for determining an operational configuration for conducting watermark extraction and/or screening operations associated with a content.
[0034] Another aspect of the disclosed embodiments relates to a method that includes detecting an operation in a content handling device, where such an operation requires access to a content. The method also includes retrieving an existing watermark extraction record associated with the content and authenticating the content in accordance with the existing watermark extraction record. This method also includes effecting content screening in accordance with usage rules associated with the content. In one embodiment, the operation that requires access to the content can be at least one of: a copying operation, a transferring operation, a rendering operation, a playback operation and a recording operation.
[0035] In one embodiment, the existing watermark extraction record is retrieved from a location outside of the content handling device. In another embodiment such a location is at least one of: a private virtual locker on a cloud, a universal virtual locker on a cloud, a storage on a device that is compliant to DLNA (Digital Living Network Alliance) within a home network, a storage location within a digital living network alliance (DLNA) compliant network, a storage location within another device that is communicatively connected to the content handling device and a removable computer-readable storage medium.
[0036] In another embodiment, the existing watermark extraction record comprises at least one of: an extracted watermark payload, a number of extracted watermarks, a time stamp associated with an extracted watermark payload, a content authentication information, a digital signature associated with the extraction record, the usage rules associated with the content, and an enforcement action associated with the usage rules and an extracted watermark payload.
[0037] In still another embodiment, at least one of the retrieval of the existing watermark extraction record and authentication of the content file fails, and the content is subjected to a new watermark extraction operation. In such an embodiment, the method can further include producing a new watermark extraction record. In such an embodiment, the usage rules can prescribe an enforcement action in accordance with a result of the new watermark extraction operation. For example, the prescribed enforcement action can be stored as part of the new watermark extraction record. In another embodiment, the usage rules prescribe an enforcement action in accordance with the existing watermark extraction record.
[0038] According to another embodiment, the content screening comprises at least one of: muting at least a portion of the content, blanking at least a portion of the content, displaying a copyright notice, denying access to the content, and deleting the content. In yet another embodiment, the content handling device is digital living network alliance (DLNA) compliant device.
[0039] In one embodiment, the operation that requires access to the content requires realtime access to the content. In this embodiment, the existing watermark extraction record comprises a segmented authentication information corresponding to a plurality of content segments, and the authentication is carried out for at least a segment of the content in accordance with the segmented authentication information. In such a scenario, the existing extraction information can accompany a streaming content. In one example, the segmented authentication information comprises a segmented hash value. In another example, the authentication is carried out for sequential segments of the content, while in a different example, the authentication is carried out for non- sequential segments of the content. [0040] In one embodiment, the screening is effected by evaluating the information contained within the existing watermark extraction record in conjunction with content use information associated with a predetermined time period. For example, the content use information can comprise an extracted watermark payload and an associated time stamp within a time interval immediately preceding the detection of the operation that requires content access.
[0041] According to another embodiment, the operation that requires content access in the content handling device requires access to a plurality of contents, where one or more of the plurality of the contents have a size below a particular threshold. In this scenario, the content screening is effected by first concatenating the plurality of the contents with a size below the particular threshold and conducting a new watermark extraction operation on the
concatenated content. The content screening is further effected by aggregating the results associated with the new watermark extraction operation and the information obtained from the existing watermark extraction record that correspond to one or more of the plurality of the contents with a size above or equal to the particular threshold. These operations are followed by producing an enforcement action in accordance the aggregated results.
[0042] Another aspect of the disclosed embodiments relates to a device that comprises a processor and a memory that includes processor executable code. The processor executable code when executed by the processor configures the device to detect an operation in a content handling device, where such an operation requires access to a content. The processor executable code when executed by the processor further configures the device to retrieve an existing watermark extraction record associated with the content. The processor executable code when executed by the processor also configures the device to authenticate the content in accordance with the existing watermark extraction record and effect content screening in accordance with usage rules associated with the content.
[0043] Another aspect of the disclosed embodiments relates to a computer program product that is embodied on a non-transitory computer readable medium. The computer program code comprises computer code for detecting an operation in a content handling device, where such an operation requires access to a content. The computer program product also includes computer code for retrieving an existing watermark extraction record associated with the content, computer code for authenticating the content in accordance with the existing watermark extraction record, and computer code for effecting content screening in accordance with usage rules associated with the content.
[0044] Another aspect of the disclosed embodiments relates to a device that comprises means for detecting an operation in a content handling device, where such an operation requires access to a content. The device further comprises means for retrieving an existing watermark extraction record associated with the content. The device also includes means for authenticating the content in accordance with the existing watermark extraction record and means for effecting content screening in accordance with usage rules associated with the content.
[0045] These and other advantages and features of disclosed embodiments, together with the organization and manner of operation thereof, will become apparent from the following detailed description when taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0046] The disclosed embodiments are described by referring to the attached drawings, in which:
[0047] FIG. 1 is a block diagram of a content handling device in accordance with an example embodiment;
[0048] FIG. 2 is a flow diagram of certain watermark extraction and content screening operations in accordance with an example embodiment;
[0049] FIG. 3 is a flow diagram of certain watermark extraction operations in accordance with an example embodiment;
[0050] FIG. 4 illustrates a block diagram of a invocation model device configuration in accordance with an example embodiment;
[0051] FIG. 5 illustrates a block diagram of a delegation model device configuration in accordance with an example embodiment;
[0052] FIG. 6 illustrates a block diagram of a content server and content client device configuration in accordance with an example embodiment; [0053] FIG. 7 illustrates an authentication procedure in accordance with an example embodiment;
[0054] FIG. 8 illustrates collaborative watermark extraction and content screening operation in accordance with an example embodiment;
[0055] FIG. 9 illustrates a block diagram of a content distribution architecture in accordance with an example embodiment; and
[0056] FIG. 10 illustrates a block diagram of an exemplary device that can accommodate the disclosed embodiments.
DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS
[0057] In the following description, for purposes of explanation and not limitation, details and descriptions are set forth in order to provide a thorough understanding of the disclosed embodiments. However, it will be apparent to those skilled in the art that the present invention may be practiced in other embodiments that depart from these details and descriptions.
[0058] Additionally, in the subject description, the word "exemplary" is used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word exemplary is intended to present concepts in a concrete manner.
[0059] Some of the disclosed embodiments are described in the context of a Digital Living Network Alliance (DLNA) compliant network. DLNA is a cross-industry organization of leading consumer electronics, computing industry and mobile device companies. DLNA's vision is a wired and wireless network of interoperable consumer electronics (CE), personal computers (PC) and mobile devices in the home and on the road, enabling a seamless environment for sharing and growing new digital media and content services. DLNA is focused on delivering interoperability guidelines based on open industry standards to complete the cross-industry digital convergence.
[0060] In order for commercial digital content to be made available for use with DLNA devices, content must be protected from unauthorized copying and use. Digital rights management (DRM) technologies are widely available and used to protect the commercial content and manage the usage rights associated with content acquired through different channels (cable, satellite, Internet, etc.) and models (VOD, DVD, rental, etc.). DRM, however, is outside of current DLNA, which leaves the option of DRM implementation to the device manufacturer. Moreover, neither a list of approved DRM technologies nor DRM interoperability has been included in the current version of DLNA.
[0061] Link Protection is the only content protection mechanism in DLNA, which is an optional implementation for a DLNA-compliant device. The primary use case for Link Protection applies to a commercial content that is stored on a media server and protected by a DRM technology. Link Protection provides that such a content can be decrypted and re- encrypted using a Link Protection technology by the media server before being sent to a client device (such as a television). The client device then decrypts the received content and renders/displays it. DLNA Link Protection thus enables view-only sharing of commercial content on all devices in, for example, a home network. However, Link Protection is not able to prevent pirated commercial content from being shared and consumed in the home network. In fact, since a decrypted copy of the content is available within the home network, DLNA- enabled content sharing can result in easier and wider sharing of pirated content.
[0062] The absence of an appropriate content protection in DLNA has been a barrier for commercial content to be made widely available in DLNA-compliant networks. The disclosed embodiments utilize watermarks that are embedded within a host content to identify unauthorized or pirated content in a network, such as DLNA-compliant networks, and to enable the communication and enactment of use policies for content across a broad range of distribution channels and devices. In some embodiments, screening and/or content screening are used to refer to operations that include, but are not limited to, examination of a content by a device to determine whether a use conforms to a content use policy. The content use policy can, for example, include one or more rules governing the use of content, including, but not limited to, the conditions under which certain uses result in the taking of a specified action. It should be also noted that the term extraction can refer to operations that include, but are not limited to, examination of a content to determine the presence of a watermark, and possible assessment of the auxiliary data within the detected watermark. During extraction, the watermark is typically not removed from the content. However, the disclosed embodiments can also readily accommodate watermark extraction algorithms that remove the embedded watermarks during the extraction process. According to the disclosed embodiments, by way of various operations, such as the extraction of watermarks from a content, the assessment of usage rules associated with the extracted watermarks and the application of appropriate enforcement actions, can be distributed among one or more trusted entities. In some embodiments, such enforcement actions include, but are not limited to, the elements of a content use policy that relate to an operation or a function that is performed when a specified type of use occurs. As such, not all the devices within a network are required to possess the full range of watermark extraction and content screening capabilities in order to comply with a particular content management scheme. Further, the disclosed embodiments enable a device to determine if another device is trustworthy, and to ascertain the extent of watermark extraction and/or screening capabilities of that device. It should be noted that while some of the disclosed embodiments are described in the context of DLNA and DLNA-compliant devices and networks, the disclosed embodiments are equally applicable to other protocols, standards, networked environments and devices that are associated with the production, transmission, discovery, storage, control and presentation of media content, such as movies, audio tracks, images and the like.
[0063] As noted earlier, watermarks can be used to protect audio or audio- visual content from unauthorized uses. For example, movies that are being released to theaters can be embedded with watermarks that carry a "No-Home-Use" (NHU) code, indicating that they are only to be duplicated by professional replicators and played back on professional projection equipment. In another example, content that is released on Blu-ray Disc, DVD, or by authorized download services, can be embedded with watermarks that carry a "Trusted Source" (TS) code, indicating that such content is intended for consumer use, but with limitations that they must be protected by trusted DRM technologies. In another example, content can be embedded with watermarks carrying codes that uniquely identify the content, such as with an industry standard identification code such as the International Standard Audiovisual Number (IS AN), International Standard Recording Code (ISRC), Global Release Identifier (GRID), International Standard Book Number (ISBN), Universal Product Code (UPC), or a value assigned from another numbering system, and for which a mechanism is provided to use the identification code to "look up" more detailed descriptive information about the content and the permissions (or "rights") associated with its use, such as in a locally stored or online database. The embedded watermarks that are provided in accordance with the disclosed embodiments can be embedded within the audio, video and/or image portions of the content and are designed to remain with the content, wherever it appears, including after copying, conversion to different formats, capturing by a camcorder, and other intentional and unintentional content manipulations. Content handling devices, such as Blu-ray Disc players, can detect the presence of the embedded watermarks and limit the use of the content when certain unauthorized uses are identified. For example, playback or copying of unauthorized copies of the content may be stopped or an audio portion of the content may be muted, depending on which embedded code is extracted and what operation is being performed by the content handling device.
[0064] In some embodiments, significant improvements in watermark extraction efficiency are achieved by executing watermark extraction prior to the use (e.g., playback, copying, transmission, display, etc.) of the content. In such embodiments, the watermark extraction operation is sometimes referred to as "background" watermark extraction. A watermark extraction operation that is conducted prior to the usage of a content can produce an extraction record for secure storage in order to reduce the need for real-time extraction on the same content at the time of a future use. In some embodiments, a real-time extraction is performed on content at the time that content is being used. In some instances, watermark extraction can also be real-time extraction. As a result of watermark extraction (e.g., background watermark extraction) an extraction record can be created that includes, but is not limited to, information representing the results of a background extraction operation in a form suitable for storage. Furthermore, it is understood that the term "background" in the context of the disclosed embodiments is not intended to convey that the associated operations are necessarily performed through background processing within a multitasking operating system. Rather, background extraction can be performed as part of foreground processing, background processing, or combinations thereof. In some embodiments, the content use may be delayed until the watermark extraction process is at least partially completed. In yet other embodiments, watermark extraction and content usage are interleaved in time so that watermark extraction is always ahead of content use. In still other embodiments, watermark extraction may take place in real-time, during, and in synchronization with, the transfer or the usage of the content.
[0065] According to the disclosed embodiments, the results of watermark extraction are stored in a secure fashion so that they can be retrieved at a different time, such as at the start of content usage. In this context, the watermark extraction is carried out by a watermark extractor that can be configured to extract, process, decode and analyze the embedded watermarks to discern the presence of watermarks and/or to obtain the payload value of the embedded watermarks. In some embodiments, the watermark extraction may further include discerning some or all of the usage rules associated with the embedded watermarks. The extraction of watermarks is typically a passive operation that does not affect the integrity of the host content. A watermark extractor, which may be implemented in software, hardware and/or firmware, can be further configured to designate potential enforcement actions that must be initiated based on the extracted watermarks and in conformance with the associated usage rules. In one example, where an unauthorized usage of the content is detected through the assessment of embedded watermarks, the content may be purged (i.e., deleted).
Alternatively, the content may be preserved and the user may be informed of the content status at a convenient moment (e.g. at the start of a playback attempt). In other embodiments, the user may be advised as to one or more recommended corrective actions, such as purchasing a license that allows authorized playback of the content. The above scenarios only provide a few exemplary enforcement actions that may be commenced upon the extraction of one or more embedded watermarks. However, it is understood that additional enforcement actions may additionally or alternatively be effected.
[0066] In some embodiments, if the content has no embedded watermarks, information indicating the absence of an embedded watermark is stored (e.g., in an associated meta data file) for further use. For example, at the moment of actual content usage, the stored information, indicative of the absence of watermarks, can be used to allow content usage without a need to undertake watermark extraction. In some embodiments, the extraction process may produce watermarks that are insufficient to trigger an enforcement action. For instance, enforcement rules associated with a trusted source (TS) watermark require the extraction of watermarks over an extended period of time before triggering an enforcement action. For example, an enforcement action logic for a feature movie may require finding the TS watermarks in at least 7 out of 9 sequential 200-second screening intervals in order to trigger an enforcement action. On the other hand, for a short audio-visual content (e.g., shorter than one hour such as a TV show), an enforcement logic may require finding the TS watermarks in at least 7 out of 9 sequential 100- second screening intervals in order to trigger an enforcement action. In some embodiments, such an enforcement logic includes, but is not limited to, the elements of a content use policy that relate to the types of use of content that will result in a specified enforcement action. To facilitate the operations of a content handling device in these and other similar scenarios, upon the extraction of watermarks during the watermark extraction, a list of extracted watermarks with associated time stamps are stored for later use.
[0067] The stored information must be secured against manipulation in a secure way. In one example, digital signatures are used to ensure that the stored information is authentic and free of tampering. It is also desirable to ensure user privacy by preventing unauthorized third parties from accessing the stored information. This can be achieved by utilizing encryption techniques to protect the stored data from unauthorized access. In particular, in DLNA, digital transmission content protection over Internet protocol (DTCP-IP) is the mandatory technology when a device implements Link Protection. As such, all DTCP-IP compliant devices are assigned a unique device identification code and a device public/private key pair. In this scenario, the stored extraction information can be digitally signed by the private key of the DLNA-compliant device and encrypted using the public key of that device. In some embodiments, extraction information can include, but is not limited to, information that is obtained from performing an extraction operation. As a result, only that device can create new digital signatures and decrypt the stored extraction information, while anyone with the associated public key can detect tampering attempts to the stored information.
[0068] FIG. 1 illustrates an exemplary content handling device 100 that may be used to accommodate the disclosed embodiments. The content handling device may conduct one or more operations such as rendering, recording, copying, transferring and/or playback of an input content 102. The input content 102 may be communicated to the content handling device 100 through one or more communication channels comprising wired and/or wireless communication channels, magnetic, optical, Flash and/or other computer readable media, or other sources. As such, the content handling device 100 can be configured to detect the presence of the input content 102. The same or a different component within the content handling device can detect a request for the input content 102 that is received from another entity. The detection of the input content 102 or the reception of a request for the input content 102 can be carried out by a detector/receiver component within the content handling device 100. Such a detector/receiver component can be part of, or a separate component from, the commutation component 110. In embodiments where the content handling device 100 is configured to request a content from another entity, a component, such as a processor that is executing a program code, within the content handling device 100 can generate such a request for the content and transmit the request to another device through, for example, the communication component 110. In one example, the content handling device 100 is DLNA- compliant device, which may be in communication with one or more other DLNA-compliant devices. The content handling device comprises a watermark extractor 104 that screens the input content for the presence of watermarks. As noted earlier, the watermark extractor 104 can extract, process, decode and/or analyze the embedded watermarks and to discern the usage rules associated with the embedded content. The content handling device can also include a digital signature generator 106, which can be configured to produce digital signatures in accordance with one or more algorithms.
[0069] Further, an encryption/decryption component 108 within the content handling device 100 can be configured to encrypt/decrypt some or all of the input content 102 and/or extraction information that is produced by the watermark extractor 104. The
encryption/decryption component 108 can be configured to implement a variety of public - and/or private-key encryption and/or decryption algorithms. The content handling device 100 can further include an authentication component 120 that can produce authentication parameters associated with the input content 102, authentication information associated with extraction information, and/or device authentication information (e.g., certificates). For example, the authentication component 120 can include a hash generation component that generates hash values for a sequence of input values. The authentication component 120 can further compare newly generated authentication information with a previously stored authentication information to verify an integrity of a content. The authentication component 120 can be configured to implement a variety of hashing algorithms, such as MD5, SHA-1 and SHA-2. The authentication component 120 may further be configured to carry out the necessary operations to effect device authentication. As such, the authentication component 120 can generate and communicate requests for device authentication, authentication information, exchange authentication certificates and verify the trustworthiness of another device.
[0070] FIG. 1 also illustrates one or more storage units 112 that can reside within the content handling device 100. Such storage units 112 can store the input content 102 (e.g., in encrypted, partially encrypted or clear format), the information produced by the watermark extractor 104 and the associated indexing information and meta data, content authentication information, compliance rules associated with the usage of embedded content and the associated enforcement actions, as well as computer program code that can be retrieved in order to implement any one of the functionalities of the disclosed embodiments. As such, the storage unit 112 can be in communication with various components of the content handling device 100, such as the watermark extractor 104, the digital signature generator 106, the encryption component 108, the authentication component 120, one or more processors within the content handling device 100 and the like. These components can retrieve and utilize the information, the computer codes and the content that are stored on the storage units 112. FIG. 1 also shows a storage unit 118 that may reside outside of the content handling device 100. The outside storage unit 118, which may be in communication with the content handling device 100 through the communication component 110 via the communication link 120, can store some or all of the above noted input content 102, watermark extraction records, as well as other data and program code. The communication component 110 may further allow the content handling device 100, or particular modules or components with the content handling device 100, to communicate with the outside storage unit 188 and/or outside entities and users.
[0071] FIG. 1 also depicts a compliance enforcer 114 that can be configured to evaluate the enforcement logic associated with the extracted watermarks of a particular content, and enforce the rules associated with enforcement actions. For example, such enforcement actions can include aborting the desired operation (e.g., not outputting the output content 116), muting the audio and/or blanking the screen associated with the output content 116, and/or presenting a copyright restriction notice. It should be understood that the content handling device 100 can also include additional components, one or more processors or controllers and additional memory devices that are not explicitly shown in FIG. 1. For example, a component within the content handling device may receive information associated with other devices that can communicate with the content handling device 100. Such information can be received, for example, through the communication component 110. The same, or a separate, component within the content handling device 100 can make decisions regarding the delegation of some or all of the screening operations (such as watermark extraction, screening, etc.) to the components within the content handling device 100 (e.g., to watermark extractor 104, compliance enforcer 114, etc.) and/or to other devices that can communicate with the content handling device 100. The components within the content handling device 100 can be implemented in hardware or software, or combinations thereof. In addition, while the media handling device 100 of FIG. 1 is depicted as a single device, one or more of the components or modules associated with the content handling device 100 may be implemented as part of a separate device. For example, the watermark extractor 104 may be implemented in a first device that is separate from a second device that implements the compliance enforcer 114.
[0072] The watermark extraction that is carried out in accordance with the disclosed embodiments can be executed whenever a new content is detected (e.g., within a home network, such as a DLNA-compliant network) and whenever spare resources are available to certain trusted device within the DLNA-compliant network. This way, peak processing loads on any given device can be decreased by distributing the processing load over time and/or over other devices with the home network. The disclosed embodiments further enable background watermark extraction to be carried out in conjunction with other trusted devices that may reside outside of the home network and/or trusted devices that are part of a different network. For example, the background processing operations may be conducted, at least in- part, by trusted devices that reside within a DLNA-compliant network that can, directly or indirectly, communicate with devices that may reside in a non-centralized network of devices in a secure fashion. Further details as to how trusted devices are identified and utilized to carry out all, or part of, the content screening operations will be discussed in the sections that follow. In some examples, the background watermark extraction is executed with a low priority to ensure the availability of computational and memory resources for other higher- priority operations and to improve user' s experience.
[0073] To facilitate access and retrieval of the extraction information, extraction records can be indexed by the content file name (which, for example, includes the file folder name or the path to the file), by a universal resource locator (URL) associated with the watermark extraction records. The extraction records can also contain the file size of the associated content. Presence of a new content can be detected by periodically searching for new file names on the device or additional/affiliated devices that may reside within the home network. Alternatively, or additionally, the presence of a new content can be detected whenever the opportunity for watermark extraction arises, such as in situations where spare computational and memory resources become available.
[0074] FIG. 2 illustrates the operations associated with the generation of extraction information and the usage of such information in accordance with an exemplary embodiment. The process starts at 202, where watermark extraction is performed. The results of the watermark extraction can include the payload value of extracted watermarks and an associated time stamp that designates the temporal location of the extracted watermark within the content. The extraction information can further include a file name, a file size and other information associated with the content. At 204, content authentication information is generated. This information can be used to verify that the content has not been modified or tampered with. For example, at 204, a hash value associated with the content can be generated. As will be described in the sections that follow, hash value generation can ensure authenticity of the content and its proper correspondence to the associated extraction information. At 206, a digital signature associated with the extraction information is calculated. In one example, the digital signature is appended to the extraction information. At 208, at least a portion of the extraction information and the associated digital signature are encrypted. In one example, only the extraction information is encrypted, while in another example, both the extraction information and the associated digital signature are encrypted. The fully, or partially, encrypted extraction record is then stored on a storage media at 210. Certain additional operations, such as indexing of the content items, compressing the content items, etc., may also be carried out at some point after watermark extraction 202 but before storage of extraction information 208.
[0075] Referring to FIG. 2, the stored extraction information may be retrieved at a later instance in time (e.g., at the time of playback of the content). At 212, authenticity of the content is verified. Authentication of the content will be described in further details in the sections that follow. If content authentication does not succeed ("NO" at 214), watermark extraction operations are conducted for the content by, for example, returning to block 202. If content authentication succeeds ("YES" at 214), the usage rules associated with the extraction information are checked at 216. For example, the usage rule associated with a No Home Use watermark payload can prevent the playback of the content on a consumer device. The usage rules may be stored at a storage location internal or external to the content handling device. Additionally, or alternatively, the usage rules may be received from an outside entity, such as a trusted authority. At 218, the applicable enforcement actions (if any) are effected. For example, an audio portion of the output content can be muted, or a copying operation can be aborted. It should be noted that, in some embodiments, the usage rules associated with the extracted watermarks are stored along with the extraction information in step 210. In these embodiments, prior to the application of the enforcement action at 218, it must be ensured that the stored usage rules are up to date. In another embodiment, the applicable enforcement actions may also be stored along with the extraction information at 210.
[0076] The operations that are illustrated in the block diagram of FIG. 2 are also applicable to the embodiments where the extraction of watermarks are carried out in real-time (e.g., as the content is being rendered, displayed, etc.). In such embodiments, the extraction information, at 202, is produced in parallel with, or slightly earlier than, rendering a particular segment of the content. The extraction information, which is stored, at least temporarily, at a storage location, can be accessed to determine if an enforcement action is needed in conformance with the associated usage rules. In real-time applications, the creation of a digital signature, at 206, and encryption of the extraction information, at 208, may not be feasible due to a lack of computational resources. In these scenarios, the extraction information may be stored within a tamper-resistant portion of the watermark extractor. Implementation of tamper-resistant modules within a device (i.e., a software and/or a hardware device) can be carried out in accordance with tamper-resistant techniques and algorithms that are known in the art.
[0077] FIG. 3 illustrates the operations that are commenced upon the detection of a new content file at a content handling device. In some embodiments, a new content is detected when a device encounters a new content and commences the subsequent actions for obtaining the associated extraction records. In such scenarios, a "new content" is any content that does not have a matching file and/or path names in the extraction records. In other embodiments, a content handling device may monitor certain operations, such as "save" and "import" operations, and trigger additional operations if particular conditions are satisfied. In these embodiments, a content that has a matching path and file name is still considered a new content. Referring back to FIG. 3, at 302, the presence of a new content is detected. If, at 304, it is detected that the file name is new (i.e., a content file name match cannot be found in the extraction records), the file is designated to be subject to watermark extraction at 318. For example, the content can be placed on a waiting list to be processed for watermark extraction. In one embodiment, a content file is considered a new file if the file's base name (regardless of the file's full path name) does not exist within the device or an associated entity, such as a connected database. If the content file is not new (i.e. "NO" at 304), it is determined, at 306, if the new content and the existing content have an identical file size. If the file sizes do not match (i.e., "NO" at 306), the process moves to 318, where the content is designated for watermark extraction. If, at 306, the file sizes do match (i.e., "YES" at 306), a content authentication operation is triggered at 308 (content authentication procedures will be described in the sections that follow). If content authentication fails (i.e., "NO" at 310), the content is designated for watermark extraction at 318. Otherwise (i.e., "YES" at 310), it is determined, at 312, if the content path name is new (i.e., via comparing the path name of the new content against the existing path name that is saved in the extraction record). If the path names are identical (i.e., "NO" at 312), watermark extraction is omitted at 316. Otherwise, if the path names are different (i.e., "YES" at 312), the extraction record is updated with the new file location at 314 and watermark extraction is omitted at 316.
[0078] The flow diagram of FIG. 3 is intended to facilitate the understanding of the disclosed embodiments. Therefore, additional or fewer steps may be undertaken in order to implement the various embodiments. It should be also noted that in order to facilitate the search for new and/or duplicate files, the stored content files and/or the associated extraction records may be indexed using a variety of indexing techniques and parameters. For instance, the file name may be used as an index for searching a database of content files.
[0079] In other embodiments, the device further verifies if the previously analyzed files (e.g., files that have previously been subjected to watermark extraction) are still present on the device. This process can be executed in association with the process of searching for new files, or it can be performed independently when spare resources are available, or when a delete action is executed on the device. If the content associated with an extraction record is removed from the device, the extraction record may also be removed to conserve memory resources and to reduce the computational efforts in searching through stored extraction records.
[0080] In some embodiments, where extraction information is not available at the time of content use, watermark extraction can be executed at real-time (i.e. on-the-fly). If enough computational and/or memory resources are not available for both the execution of a realtime extraction and usage of the content, the content use can be delayed until the watermark extraction process is at least partially completed. In some examples, watermark extraction and content usage are interleaved in time (e.g., watermark extraction over one segment is followed by usage of that segment) so that watermark extraction is always ahead of content use. [0081] An important security consideration is the possibility of content modifications or substitutions after the watermark extraction has been completed. For example, an unmarked content may be initially imported, and then an external program may attempt to replace watermark-bearing component of the content with a new content (which may have embedded watermarks). In this process, an attacker may intentionally preserve the same file name and file size to prevent the content from being designated for watermark extraction. To foil this attempt, the device must authenticate the content before using the stored extraction information. This operation was previously described in connection with step 212 in FIG. 2.
[0082] Content authentication can be quickly and securely carried out using one-way cryptographic hash function such as MD5, SHA-1 or SHA-2. During the watermark extraction process on a newly imported file, a hash value is calculated and saved together with the extraction results, as depicted in FIG. 2, steps 204 to 210. When content usage is commenced, a hash value for the content is computed and compared to the previously stored hash value (e.g., at 212 in FIG. 2). If the newly computed values match the stored hash values, the content is deemed to be authentic and, therefore, the associated extraction information can be used to effect any applicable enforcement actions. Otherwise, if the calculated and stored hash values do no match, the usage of the content may be fully or partially disabled (e.g., copying aborted, playback stopped, copyright notice displayed, etc.). Additionally, or alternatively, the content can be designated to undergo a new watermark extraction operation (see, e.g., FIG. 2, "NO" at step 214 and Fig. 3, "NO" at step 310).
[0083] In some embodiments, the content authentication information (e.g., a hash value) is produced (e.g. at step 204 in FIG. 2) when the content is in encrypted format. This way, when content authentication is conducted (e.g., at step 212 in FIG. 2), there is no need to decrypt the content before verifying the content' s authenticity. Therefore, at the moment of content use, the disclosed embodiments only require the generation of the content authentication information (e.g., a hash value) rather than undertaking a full watermark extraction operation. This aspect of the disclosed embodiments provides a substantial improvement in efficiency of operations of a content handling device, especially in cases where content transformations, such as decryption, decompression, de-multiplexing etc., are required prior to watermark extraction. Many hash functions can be implemented efficiently in hardware and/or software. In some instances, where the watermark extraction records are encrypted (see, e.g., FIG. 2, step 208), the stored extraction information must be decrypted in order to retrieve the stored hash values. However, since the size of the stored watermark extraction record is relatively small, such a decryption operation is not likely to present a significant processing burden.
[0084] A critical requirement in selecting a hash function is the pre-image resistance, defined as follows: given a hash value h, it should be hard (almost certainly beyond the reach of any adversary) to find a message m such that h = hash(m). This requirement is related to an attack where a pirate tries to substitute a marked content with an unmarked content, which has the same hash value, in order to create an extraction-free watermark extraction report. In this attack scenario, after the content handling device conducts a watermark extraction on an unmarked content, the attacker may attempt to replace the unmarked content with a marked content with the same hash value to avoid the screening of marked content.
[0085] It should be noted that the above noted pre-image requirement is easier to satisfy than a collision resistance requirement. The collision resistance requirement can be defined as follows: it should be hard to find two different messages ml and m2 such that hash(ml ) = hash(ni2 ). This requirement, which is more common if hash functions are used for indexing schemes, typically necessitates the use of more demanding hash functions, such as the SHA-2 family of hash functions. However, in scenarios where the less stringent pre-image resistance provides the sufficient protection, simpler and less computationally demanding hash functions, such as MD5 and SHA-1 may be used.
[0086] In some embodiment, further reductions in processing load associated with hash function calculation can be achieved by selecting only a subset of data from the content to be input to hash function calculation. In one example, the selection process is maintained as a secret. For instance, random content segments can be selected using a random number generator that uses the device private key as a seed.
[0087] The disclosed embodiments further provide for the operation of a content handling device by considering security concerns related to mosaic attacks. A mosaic attack is defined as breaking up a content into multiple segments such that each content segment can individually evade an enforcement action. In this attack scenario, a content is divided into segments that are individually subject to watermark extraction. During the actual content use, the segments are assembled again for presentation to the user using, for example, a playlist feature at content rendering instance. A coarse mosaic attack typically involves producing relatively large content segments. For example, a feature movie may be segmented into several 10-minute chunks in order to avoid Trusted Source (TS) enforcement on individual segments. This attack can be successful for a TS-marked content since, as noted earlier, repeated watermark extractions in several content segments are required to trigger an enforcement action.
[0088] In one embodiment, a coarse mosaic attack can be circumvented in a compliant device by safely storing the content use history associated with that device, and subsequently retrieving and analyzing the content use history with each new content use. The content use history provides a record of all watermark extractions, together with an associated time stamp, within a predefined interval (e.g., for at least the last 20 minutes content use by the device). Watermark extraction results for any new content use can then be appended to the retrieved content use history data in order to evaluate if an enforcement condition is present. In the case of a mosaic attack that utilizes a playlist, the evaluation of an enforcement condition can be based on an aggregate of a retrieved content use history and the extraction record for each item on the playlist in the listed order. This way, the enforcement condition can be efficiently evaluated without having to conduct a real-time watermark extraction operation content use commences.
[0089] Another attack scenario relates to a fine mosaic attack, in which a content is divided into a large number of segments with fine granularity such that watermark extraction from each individual segment is not feasible. A fine mosaic attack implies a significant overhead due to small file handling and, therefore, may not be practical for many devices. For example, a feature movie may be segmented into one-second clips and saved as a string of independent files that are later concatenated using some kind of playlist function.
Nonetheless, in accordance with the disclosed embodiments, fine mosaic attacks can be effectively thwarted by properly recognizing the presence of such an attack. In one embodiment, the existence of content files below a certain size limit triggers a fine mosaic countermeasure. For example, the detection of audio-visual content files that are less than five seconds long may be a flag that triggers fine mosaic countermeasures during a watermark extraction process.
[0090] In one embodiment, a fine mosaic attack is thwarted by requiring watermark extraction over a number of concatenated files provided in a playlist. Watermark extraction over the concatenated files can be carried out prior to the content use, or in real-time, during the content use. In one embodiment, if the concatenated file contains a mix of files below and above the size limit, watermark extraction is performed only for the set of adjacent short files with a total length above the size limit. The result of this extraction process can be combined with the results of extraction information for the files above the size limit (which should have been previously conducted), and used for enforcement logic evaluation and/or enforcement.
[0091] In an alternative embodiment, an advanced watermark extractor may be instantiated upon the detection of a fine mosaic attack. The advanced extractor can perform the bulk of the processing in the background mode, and save intermediate data for future use. For example, the intermediate data can consist of content features that are relevant for watermark extraction and have a size that can be much smaller than the original content. This feature of the disclosed embodiments can result in a significant reduction in the usage of computational and memory resources. Therefore, upon the detection of a fine mosaic attack, the device can quickly and efficiently extract the embedded watermarks just by evaluating the intermediate data as opposed to attempting to extract the watermarks from the original content. For example, in a system that uses spread spectrum watermarking, the intermediate data can comprise correlation values between a known spread spectrum carrier and the content samples with a particular granularity. At the moment of content use, the intermediate data is concatenated, watermark extraction is attempted and enforcement condition is evaluated based on any watermarks extracted from the intermediate data. As noted earlier, in some embodiments, if the concatenated file contains a mix of files that are below and above the size limit, the intermediate data concatenation and watermark extraction are needed only for the set of adjacent short files with total length above the size limit. The result of this extraction process can be combined with the extraction information associated with the files above the size limit, and used for enforcement logic evaluation and/or enforcement.
[0092] In scenarios where a network of trusted devices can be established, it may be advantageous to use the network to share the watermark extraction and enforcement responsibilities. In one embodiment, if a device with a new content item is not able to interpret the content' s format, the device may entrust all, or a portion of, the watermark extraction operations to another device that can interpret the content format. The device that performs the watermark extraction may report the extraction information to the delegating device for further action and/or secure storage. [0093] FIG. 4 illustrates an exemplary embodiment in which an invocation model is used to enable cooperative watermark extraction. In this embodiment, a master device 404, which receives an input content 402, is tasked with performing an operation (e.g., copying, transferring, playing, recording, etc.) that produces an output content 406. As depicted in FIG. 4, the master device 404 invokes a slave device 412 to perform watermark extraction on a selected content 408 that is communicated to the slave device 412. Upon full or partial completion of watermark extraction by the slave device 412, the master device 404 receives the extraction information 410 and decides if the selected content 408 will be delivered to the destination device and/or if additional enforcement actions, such as muting or displaying a warning message, are warranted. This invocation model can be applied in situations where the master device 404 doesn't have the capability of watermark extraction or it is overloaded (e.g. in case of multiple instances of streaming or watermark extraction tasks) or it does not have appropriate codecs to handle the selected content.
[0094] FIG. 5 illustrates another exemplary embodiment in which a delegation model is used to enable cooperative watermark extraction. In this embodiment, a delegating device 504, which is tasked with performing an operation on an input content 402 (e.g., copying, transferring, playing, recording, etc.), completely delegates the watermark extraction to a delegated device 510. The delegated device 510 receives the selected content 508 from the delegating device 504 and performs the watermark extraction operations. The delegated device 510 further decides whether or not to forward the requested content (i.e., the trusted content 512 if the decision is made to forward the content) to a destination device 514 in accordance with usage rules associated with the extraction information 514. In one scenario, the delegated device performs the watermark extraction and screening operations while streaming the content until the usage rules limit the use of the contents (e.g. stop of the streaming or muted audio). In another scenario, the transfer of the content to the destination may start only after the partial or full completion of the watermark extraction and screening. Further, the delegated device 510 may or may not return the extraction information 514 to the delegating device 504 (this optional operation is depicted by the dashed arrow in FIG. 5 that starts from the delegated device 510 and terminates at the delegating device 504). The delegating model can be used in various scenarios where the delegating device 504 doesn't have the capability of watermark extraction or it is overloaded (e.g. in case of multiple instances of streaming or watermark extraction tasks) or it does not have appropriate codecs to handle the requested content. In particular, this model is useful in the scenarios where the presence of a bridge device (e.g., the delegated device 510) is needed to enable a content transformation, such as converting a high-definition content to an MPEG-4 mobile version, and the like.
[0095] In both invocation and delegation models, the devices that may cooperatively perform screening may be aware of the codecs capability bilaterally or unilaterally. They may inquire or exchange the codecs capability before or at the beginning of the transfer of the selected content. For example, in DLNA that adopts HTTP protocol for content transfer, a device uses the MIME-TYPE values that are defined in DLNA Media Format Profiles as values for Content- Type in a HTTP request or response to specify the codecs of the requested content. Other content transfer protocols such as RTP (Real-time Transport Protocol) also support exchange of codecs capability.
[0096] In some systems that utilize invocation or delegation models, it may be possible that the sender of the selected content (either master device 404 or delegating device 504) is not aware of the codec capability of a receiving device (either a slave device 410 or a delegated device 510). In some embodiments, in such situations, if the receiving device does not have the appropriate codecs that are required to process the requested content, the receiving device informs the sender of the exception immediately (as part of extraction information 514). The receiving device may also optionally request the sender to convert and re-transfer the content in a media format that can be processed by the receiving device.
[0097] In real-time watermark extraction scenarios, cooperative watermark extraction in accordance with the disclosed embodiments can be implemented in situations where a first device accesses the content and a second device renders (e.g., displays) that content. In these scenarios, the content-accessing device is usually unable to interpret the content, while the rendering device (which is, of course, able to interpret the content) is not trusted. In this case, the content-accessing device may initiate a search to discover a trusted device that can interpret the content. Such a trusted device must also be able to execute watermark extractions at a rate faster than, or equal to, the real-time rendering of the content. The trusted device may, for example, be identified by consulting a list of trusted devices that can be securely accessed by the content-accessing device. Such a list can also be communicated securely to the content accessing device from a trusted authority. In another embodiment, the list is created during device discovery based on UPnP (Universal Plug and Play) networking protocols. For example, DLNA uses UPnP for discovery and description of device types and capabilities. In other embodiments, a device authentication procedure is commenced to verify the trustworthiness of a device and to ascertain its capabilities. Device authentication procedures will be further described in the sections that follow. The extraction results and/or enforcement events that are produced by the trusted device may be returned to the content accessing device for further action and/or secure storage.
[0098] The above-noted real-time watermark extraction scenario can be considered an example of the invocation model described above. This example scenario allows a commercial content to be delivered on a legacy rendering device (e.g. DLNA TV without a watermark extractor). To encourage the adoption of trusted rendering devices, incentives may be provided by the content owners, Pay TV companies and Over-the-top (OTT) and on- demand content providers to the users who render the premium content directly on a trusted rendering device. Alternatively, a flag in a DRM-protected commercial content may be inserted by the content distributor to indicate that the content must be rendered by a trusted client.
[0099] In some embodiments, if a real-time watermark extraction operation is not feasible (even with the cooperation of additional trusted devices), a delayed watermark extraction operation may, nevertheless, be conducted whenever the necessary resources become available. The results that are produced by the delayed watermark extraction operation may be stored as part of the extraction record for that content. For example, the watermark extraction record may be stored at a database, where it can be accessed in the future by one or more trusted devices. In scenarios that a delayed watermark extraction operation is performed, any subsequent real-time access to that content can be readily screened using the stored extraction records.
[0100] Another aspect of real-time applications (e.g., live streaming of a video content) is that only a fraction of the content is made available before its rendering. In these cases, it may not possible to execute watermark extraction, using only locally available resources, prior to the content use. Therefore, as noted earlier, a real-time watermark extraction operation may be needed. In some embodiment, the need for conducting a real-time watermark extraction may be eliminated by providing an extraction record that is produced by a trusted device to accompany the streaming content. As noted earlier, content authentication can ensure the integrity of the content and its proper correspondence with an existing extraction record. However, in the context of a streaming application, full authentication of the streaming content may not be possible during the streaming of the content since the full content only becomes available at the end of the streaming session.
[0101] In some embodiments, authentication of one or more portions of a content is enabled by utilizing segmented hash values. In particular, the content is divided into segments of a particular size (e.g., 10 seconds in time or 1MB in size) and a hash value is generated for each content segment and stored together with the corresponding watermark extraction record. This way, a content may be authenticated in smaller units according to the granularity of content segments with the calculated hash values. During the streaming operation, a received content segment (e.g., that resides in a buffer) can be authenticated by calculating its corresponding hash value and comparing it to the hash value stored in the extraction record. The segments can be selected sequentially and contiguously for authentication as they become available during the streaming operation. Alternatively, a subset of content segments can be selected for authentication. In one embodiment, a subset of segments may be selected according to a deterministic pattern (e.g., every third segment is selected) or according to a random/pseudo-random selection pattern (e.g., random selection with uniform distribution). An authentication failure, for even one segment, can signal that the content has been manipulated and, therefore, trigger the real-time extraction operation. Alternatively, a detection of content manipulation can abort the content use.
[0102] According to the disclosed embodiments, a segmented hash value is composed of a sequence of hash values, where each hash value is calculated from a segment of content. The segment can be defined by a fixed time period or fixed byte size of the content. Moreover, the final content may be padded to produce a segment with the pre-defined fixed size. One exemplary algorithm for generating a segmented hash function is described as follows. Let's assume that C is an audio-visual content, and ci, c2, ...cn are consecutive segments of C, or randomly selected segments of C. In case of selection of segments, the flexibility between authentication granularity and performance can be achieved. For example, for better computation performance, fewer segments can be selected. The size of segment will also have an impact on the performance as measured by computational and resource efficiency. In particular, smaller segments require fewer computations for authenticating that particular segment. However, a minimum segment size limit may be required to ensure the security of the hash function. [0103] In one embodiment, the security of the generated hash values can further be enhanced by providing a segment size that varies within a particular range, as determined by, for example, a random number generator. An exemplary algorithm for generating hash values associated with variable segment sizes is described as follows. Let's assume HF is a hash function that accepts a seed value, s, and a block of data, c„, to produce a hash value, hn. The hash values for segments ci, c2, ...cn can be calculated using the following set of operations: h1 = UF(s, c1); (1)
h2 = HF(h1, c2);
hn = HF(hn.1, cn).
[0104] A hash value, H„ for a content up to the segment c, (1< i <n) can be calculated as follows.
Ui = UF(s, h1+h2+...+hi) (2)
[0105] One major advantage of using hash values for content identification is that the hash function takes the streaming content as a binary stream, regardless of the content format, whether or not the content is encrypted and which cryptographic algorithms are used for the encryption. The disclosed embodiments can be used in conjunction with different hash functions. For example, an MD5 implementation in software on a Pentium 90 MHz computer can process the input data at 45 mega bits per second. To further speed up the hashing process, instead of every byte, some selective bytes from each segment can be taken as the input to the hash function.
[0106] In another real-time watermark extraction scenario, cooperative watermark extraction in accordance with the disclosed embodiment may be implemented in situations where a content-accessing device lacks the processing power to simultaneously carry out content access, transmission, rendering, and watermark extraction. In particular, such a scenario may arise when the same device is configured to conduct simultaneous access and transmission of multiple content streams. In these scenarios, watermark extraction can be delegated to a capable and trusted device. The extraction information and/or enforcement events may be returned to the content- accessing device for further action and/or secure storage. This real-time cooperative watermark extraction is another example of the invocation model described above.
[0107] FIG. 6 illustrates another example embodiment, in which a content is delivered to a content client device 604 by a content server 602. The content server 602 and/or the content client device 604 may be in communication with a storage unit 606, a slave device 608 and/or a delegated device 610. Depending on the system configuration, the content server 602 and/or the client content device 604 may communicate as a master device with the slave device 608, as discussed earlier in connection with the invocation model of FIG. 4.
Similarly, depending on the system configuration, the content server 602 and/or the client content device 604 may communicate as a delegating device with the delegated device 610, as discussed earlier in connection with the delegation model of FIG. 5. The communication links 612 that are depicted in FIG. 6 enable communications of content, extraction information and other information between the devices that are shown in FIG. 6. For example, one or more of the communication links 612 can allow secure communications (e.g., through link encryption) between the different devices. Further, one or more of the content server 602, content client device 604, storage unit 606, slave device 608 and delegated device 610 may reside within a home network, such as a DLNA. In other embodiments, one or more of the content server 602, the content client device 604, the storage unit 606, the slave device 608 and the delegated device 610 may reside outside of a home network.
[0108] With reference to FIG. 6, it can be appreciated that watermark extraction and implementation of applicable screening operations and enforcement actions can be carried out using one or more of the depicted devices in real-time and non-real time applications. Further, the content handling devices that are depicted in FIG. 6 may reside within a network (such as a DLNA-compliant network) that can include a plurality of other server devices, client devices, storage units and the like, that can, directly or indirectly communicate with each other. In addition, the devices that are located within such a network may be in communication with a plurality of other devices that reside outside of the network. In some embodiments, a gateway device 614 may be in communication, through a communication link 612, with one or more of the other devices that are depicted in FIG. 6 and/or other devices that reside within or outside of a home network. The gateway device 614 can, for example, coordinate the operations of various devices to facilitate watermark extraction, transfer of extraction records, authentication operations, communication and/or acquisition of trusted device lists, and the like. Further details regarding the operations of the gateway device 614 will be discussed in the sections that follow.
[0109] In some scenarios, a large number of content handling devices, such as the ones that are depicted in FIG. 6, may be in communication with one another to exchange content files or to conduct other operations. However, it is likely that only a subset of such content handling devices have the capability to conduct watermark extraction, evaluate the extraction records against content usage rules and/or effect enforcement actions. Therefore, the task remains as to how to properly identify trustworthy devices that have all, or a portion of, such capabilities. It is further necessary to determine the most effective and secure way to distribute the required workload among the various devices, and to conduct various communications between the devices.
[0110] Device authentication, which is carried out in accordance with the disclosed embodiments, enables each device to verify that another device is a "trusted" device. By establishing the trustworthiness of the devices, the capabilities of each device may be communicated to one another. FIG. 7 illustrates an authentication procedure that may be carried out between Device A 702 and Device B 704 in accordance with an example embodiment. In operation 706, Device A 702 transmits its certificate to Device B 704. In operation 708, Device B 704 verifies the received certificate of Device A 702, thereby determining Device A's trustworthiness, as well as some or all capabilities of Device A 702. In one example, trusted device authentication enables Device B 704 to verify that the certificate provided by Device A 702 is issued from a trusted authority. Analogously, in operation 710, Device B 704 may transmit its certificate to Device A 702. In operation 712, Device A 702 determines if Device B 704 is a trusted device and further ascertains Device B's capabilities. It should be noted that the authentication process can include additional operations that are known in the art. For instance, the authentication process can also include the communication of one or more challenges, and the corresponding responses, between Device A 702 and Device B 704. In some embodiments, these additional operations are conducted to ensure that the communicated information is not being merely copied from cached locations.
[0111] In some embodiments, device authentication may be carried out using a DCTP-IP authentication protocol. DTCP-IP specification includes a mandatory Full Authentication and an optional Extended Full Authentication procedure. DTCP-IP uses Advanced
Encryption Standard (AES)-128 for content encryption. Both authentication procedures of DTCP-IP employ a public key based Elliptic Curve Digital Signature Algorithm (EC-DSA) for signing and verification. Device Certificate issued by the Digital Transmission Licensing Administrator (DTLA) (i.e., the licensing administrator and developer of DTCP-IP) is stored in the compliant device and used during the authentication process. All compliant devices are also assigned a unique Device ID and device public/private key pair generated by the DTLA. The Device Certificate comprises a plurality of fields that include information regarding certificate format, Device ID, digital signature, DTCP public key and the like. The use of DTCP-IP authentication protocol allows the authenticating device to confirm that the authenticated device is in possession of private keys issued by the DTLA after certifying that the device is compliant.
[0112] In one exemplary embodiment, some of the reserved bits associated with a DTCP-IP Device Certificate may be used to signal the device's content screening (e.g., watermark extraction and enforcement) capabilities. Therefore, such a Device Certificate can be used to determine if a device is a trusted device and to obtain information regarding the device's screening capabilities. In other embodiments, additional information such as a location of an extraction record database may be exchanged between the two devices. The devices may further exchange information regarding their processing and storage capabilities.
[0113] In another embodiment, device authentication may employ remote attestation to obtain increased assurance that the authenticated device is compliant. Remote attestation employs a cryptographic protocol between the authenticating and authenticated devices to enable the authenticating device to establish that the authenticated device was certified as compliant and has not been modified. The protocol requires that the authenticated device perform specific computations (or "measurements") of its internal processing state (such as computing hashes of data or code or performing timing measurements on its computing operations) whose results provide the authenticating device with certainty that its operation at the time of measurement match those that were performed at the time the device was certified as behaving in a compliant manner. In one exemplary embodiment, remote attestation may be performed using a "hardware root of trust" such as a Trusted Platform Module (TPM) or other secure processing unit. A TPM is a hardware device that can securely store passwords, certificates, encryption keys, and other values in an internal memory and apply a very limited set of cryptographic primitives to those values, based on instructions and other data values received from a more general purpose computer processor such as a CPU. The values stored in internal memory of a TPM are maintained as secret and can only be accessed through the limited cryptographic functions of the TPM. The TPM typically is contained in a separate computer chip from the CPU (such as affixed to the motherboard of a PC) but may also be incorporated into a system-on-a-chip that contains both the TPM and one or more CPU and other hardware functions. Storing this data on the hardware chip, instead of on a computer hard drive or within memory directly accessible by a general purpose CPU enables the establishment of a "hardware root of trust" for the device's behavior and significantly increases the security of the entire platform. This hardware storage location ensures that the stored information is more secure from external software attack and physical theft. TPM provides three kinds of security functionality: 1) secure storage of any data that is encrypted by keys only available to the TPM; 2) measurement and reporting of integrity of platform including BIOS, boot sector, operating system and application software; and 3) authentication of a platform or application-specific data via digital signatures using signing keys that are protected by TPM.
[0114] To enable device authentication in a TPM platform, a trusted party (e.g.. the Certificate Authority) will sign the signing keys that are protected by TPM. Such certificates that are also protected by TPM are used to prove that a signing key really does belong to a valid TPM. Two devices with TPM-protected certificates and signing keys may carry out the authentication process in the same matter as discussed above based on DTCP-IP
authentication. The only difference is that the signing keys in a TPM platform is more secure.
[0115] A TPM-enabled device may authenticate another non-TPM-enabled device. Such authentication may result in unequal trustworthiness which then can be used by a service provider to offer distinct services. For example, a high- value content (e.g., a high-definition or an earlier release of a content) may only be delivered to TPM-enabled devices while other content can be delivered to both TMP-enabled and non-TPM-enabled devices.
[0116] The TPM contains a number of 160-bit registers called platform configuration registers (PCRs) to measure and report the status of a platform' s environment in a trusted matter. Starting from a root of trust, it enables a trusted entity to obtain unforgeable information about the platform state. An executable program can measure another program by computing its hash code and combine the current measurement with the hash value and store the combination in a PCR. Thus, PCRs represent an accumulated measurement of the history of executed programs from power-on to the present. Such a chain of trust provides a powerful defense against malicious programs, such as viruses, spyware and attacks on vulnerable programs. It can also be used to detect and disable unauthorized programs such as pirated software or unlawful programs.
[0117] A software media player, especially in a PC environment, has been a weak point in most content protection systems. Extending the chain of trust to the media player on a TPM platform strengthens the security by enabling the detection and further disabling of unauthorized programs and/or modifications to the software player.
[0118] TPM can create migratable or non-migratable keys for data encryption. Migratable keys never leave the TPM that creates them while migratable keys can exported to other platforms (devices). Therefore, a content can be locked into a TPM-enabled device by encrypting the content using a TPM-created non-migratable key so that the content can only be decrypted and played on that device. This is understood to be but one approach to performing remote attestation using a "hardware root of trust." However, other methods and devices which are currently known, or may become known in the future, may be used to accomplish the purpose of device authentication.
[0119] Based on the assessment of the trusted status of various devices and their capabilities, the various operations that are required to ensure the proper watermark extraction and screening operations associated with a content can be shared among those devices. In order to facilitate the discussion, the operations associated with providing a content from the content server to the content client device (see, e.g., the content server 602 and the content client device 604 of FIG. 6) can be divided into (1) watermark extraction and (2) screening. For example, watermark extraction can include, but is not limited to, the extraction of watermarks, the calculation of content authentication information, the generation of digital signatures, and the storage of the results in a secure location. Screening on the other hand, can include, but is not limited to, the verification of content authenticity, the acquisition and verification of usage rules and the implementation of enforcement actions (if needed). It is also understood that some overlap between watermark extraction and screening operations can exist. For example, certain operations, such as the acquisition and verification of compliance rules, can be conducted as part of one or both the watermark extraction and the screening operations. Therefore, the above-noted division of operations is merely presented to facilitate understanding of the underlying concepts and is not intended to limit the scope of the disclosed embodiments.
[0120] Depending on whether or not a device is trusted (i.e. authenticated as compliant), the extent of availability of computational resources, compliance capability, the required security of operations, architecture and design complexity, the user experience considerations, preferences of the content owners and other factors, watermark extraction and screening operations can be conducted by one or more devices that may reside within and/or outside of a home network. For example, Table 1 provides a listing of how the responsibility of watermark extraction and screening can be shared among the various devices in eight exemplary scenarios.
Table 1 - Example Division of Operations
Figure imgf000041_0001
[0121] Table 1 illustrates that, in scenario 1, both the watermark extraction and screening operations are carried out at the content client device while, in scenario 4, both operations are carried out at the content server. In the remaining scenarios, the watermark extraction and screening operations are conducted through cooperation of the content client device, the content server, a delegated device and/or a slave device. In particular, in scenario 2, the content client device invokes a slave device which conducts the watermark extraction. For example, such a slave device can be another trusted content client device or trusted server device with watermark extraction capabilities. In scenario 3, the content client device, which is a trusted device, delegates both the watermark extraction and screening operations to a trusted delegated device. Scenarios 4 through 6 provide analogs of scenarios 1 through 3. But in scenarios 4 through 6 the content server is the responsible device which may undertake the screening operations on its own, invoke a slave device to conduct the screening operations, or delegate these operations to a delegated device. In scenario 7, the content server conducts the watermark extraction operation and the content client device performs the screening. In scenario 8, the content client device conducts the watermark extraction operation and the content server performs the screening.
[0122] It can be appreciated that the exemplary listings of Table 1 do not provide an exhaustive listing of all cooperative scenarios. For example, a variation of scenario 7 can be constructed where the watermark extraction is implemented by the content server through invocation of a slave device. As noted earlier, the selection of one or more trusted devices to conduct a particular operation in cooperation with one or more trusted devices can be influenced by a variety of factors, such as the user preferences, complexity of implementation and the like. Table 2 provides an exemplary evaluation of the eight scenarios of Table 1 based on six different factors.
Table 2 - Exemplary Evaluation of Scenarios 1 to 8
Figure imgf000043_0001
[0123] The exemplary evaluations of Table 2 provide a rough assessment of the merits for each configuration of devices in scenarios 1 through 8. Table 2 further includes a limited number of factors for illustration purposes. However, it is understood that additional factors, such as computational load and memory capabilities of each device, preferences of the content owner and the like, can also be considered in making an assessment of each scenario. The right-most column of Table 2 provides an overall preference ranking for each scenario. This overall ranking may be produced by considering all the evaluated items that are listed in Table 2 and/or additional factors that are not listed in Table 2. In one embodiment, such an overall preference ranking is used as a default setting, which prescribes a particular configuration of devices in the absence specific instructions that favors other configurations.
[0124] A review of Table 2 reveals that, even if both the content server and the content client device are capable of performing watermark extraction and/or screening operation, it may be preferred to assign certain operations to one or both of the devices (or even a third device such as a delegated or slave device) to accommodate particular preferences. In accordance with the disclosed embodiments, if both the client content device and the content server are trusted entities, then they can ascertain the capabilities of one another, and decide how to most effectively conduct the watermark extraction and screening operations. If only one of the devices is a trusted device, then that device must determine how to independently, or in cooperation with other trusted devices, carry out the necessary watermark extraction and screening operations.
[0125] FIG. 8 is a flow diagram associated with watermark extraction and screening operations that are conducted in a collaborative fashion in accordance with an exemplary embodiment. At 802, a request for access to a content is detected. Such a request is typically initiated by a content client device and is directed to a content server. However, in some examples, the requests may be communicated between content client devices, content servers and/or other devices. At 804, device authentication is performed. For example, a device authentication that was described in connection with FIG. 7 may be performed to determine the trusted status of the devices and to obtain certain device capabilities. If it is determined, at 806, that both devices are trusted (i.e., "YES" at 806), certain device capabilities may be optionally exchanged between the two trusted devices at 808. As noted earlier, some or all of the device capabilities may be exchanged during device authentication step at 804. However, in some embodiments, device authentication and acquisition of device capabilities may be conducted in separate steps. For example, certain device capabilities, such as whether or not a device can perform watermark extraction or screening, can be ascertained during the authentication step (i.e., at 804), while other device capabilities, such as whether or not a device has spare computational resources to conduct additional operations, are ascertained during a subsequent information exchange operation (i.e., at 808).
[0126] Referring back to FIG. 8, at 810, the two devices collaboratively determine the proper operational configuration. This step allows the division of labor between the two trusted devices (and/or additional trusted devices) based on a desired criterion. For example, an operational configuration that correspond to one of scenarios SI through S8 (see Table 1) can be selected based on a preference that is listed in Table 2. Alternatively, an available operational configuration may be selected with the highest overall preference ranking. At 812, watermark extraction and/or content screening operations are conducted by the appropriate devices that were selected at 810. It should also be noted that content screening operations at 812 may simply comprise receiving an existing watermark extraction record from a trusted device (or from a secure storage location that is known to a trusted device) and conducting screening in accordance with the received extraction record (e.g., see steps 212 to 218 of FIG. 2). In other embodiments, where a pre-existing watermark extraction record does not exist (or cannot be accessed), watermark extraction and/or content screening operations can be performed, at 812, by one or more trusted devices.
[0127] If, at 806 in FIG. 8, the determination is "NO", the process moves to 814, where it is determined if only one device is trusted. Such a determination can be made when, for example, a trusted content client device fails to authenticate a content server. Alternatively, as will be described in the sections that follow, a central authority can make such a determination. If only one device is trusted (i.e., "YES" at 814), the trusted device determines the proper configuration for conducting the watermark extraction and/or screening operations, at 816. In doing so, the trusted device may utilize the services of other trusted devices inside or outside of the home network. Upon determining the proper configuration, the process moves to 812, where watermark extraction and/or content screening operations are conducted. If, at 814, it is determined that none of the devices are trusted (i.e., "NO" at 814), the process may be aborted (e.g., content access is denied) at 818. Alternatively, the content may be provided in a protected format (e.g., in encrypted format). In some embodiments, the content is delivered in a degraded format. In still other embodiments, only a part of the content is delivered.
[0128] The operations that are described in FIG. 8 may be repeated, at least in-part, when each device within a home network is attempting to acquire a content, to provide a content, or solicit screening services/information from another device within the home network. Further, the above noted operations may also be carried out when at least one of the devices resides outside of the home network, if a mechanism for authentication between the devices inside and outside of the network exists.
[0129] Table 3 provides an exemplary listing of device configuration possibilities that is organized based on the trusted status of the two devices and the availability of watermark extraction and screening capabilities at the two devices. SI through S8 represent the device configurations that were previously discussed in connection with the exemplary scenarios 1 through 8, respectively. Table 3 - Operational Configuration Possibilities based on Screening Capabilities
Figure imgf000046_0001
[0130] Table 3 illustrates the availability of different operational configurations based on the trusted status of each device and the available screening capabilities in accordance with an exemplary embodiment. Once it is determined which of the operational configurations are available, a particular configuration can be selected to effect the desired screening operations. For example, as noted earlier, a configuration that provides the best overall preference ranking may be selected.
[0131] By providing watermark extraction and screening capabilities to various devices and at various points of content distribution, secure distribution of content can be enabled. Separation of watermark extraction and screening operations further facilitates the proliferation of "compliant" devices with limited computational resources (such as mobile devices). Such compliant devices are trusted devices that can, for example, implement only a portion of watermark extraction and/or screening capabilities, and rely on other devices to provide the remaining operational capabilities. FIG. 9 is an exemplary diagram of different content distribution scenarios involving a compliant content server 902, a non-compliant content server 904, a compliant content client device 906, a non-compliant content client device 908, as well as protected and unprotected content. A protected content can be protected by a content protection mechanism, such as encryption. In such a scenario, as illustrated at 910, the protected content can be played by, and is thus delivered to, a compliant content client device 906 that is capable of decrypting the content. This is illustrated at 910. However, it should be noted that such a protected content may also be delivered to, at 920, the non-compliant content client device 908. The non-compliant content client device 908 may be able to use the protected content, if, for example, it has acquired the necessary decryption capability. Such a capability can be acquired, for example, illegally (e.g., a device is hacked or encryption keys are stolen), or legally (e.g., if the content owner decides to temporarily grant the capability to a non-compliant client device 908).
[0132] Referring back to FIG. 9, the unprotected content, at 912, may be delivered from the compliant content server 902 to the compliant content client device 906, which performs the watermark extraction and/or screening operations. An unprotected content may also be delivered, at 916, from the non-compliant content server 904 to the compliant content client device 906, which screens the content. The compliant content device 906 may employ one of the previously noted cooperative methods to efficiently screen the unprotected content. FIG. 9 also illustrates that an unprotected content may be delivered, at 914, from the compliant content server 902 to a non-compliant client content device 908. In this scenario, the compliant content server 902 performs the necessary watermark extraction and screening prior to delivering the content.
[0133] The exemplary content delivery architecture that is depicted in FIG. 9 also accounts for the delivery, at 918, of an unprotected content (e.g., a pirated content) from the non- compliant content server 904 to the non-compliant content client device 908. As noted earlier, to reduce the likelihood of unauthorized content use, the proliferation of compliant content client devices may be encouraged by providing incentives to the content users.
Further, blocking the delivery of protected content (or delivery of a partial content), at 920, to a non-compliant client device 908 can encourage the user to acquire a compliant device. Such an upgrade is facilitated in accordance with the disclosed embodiments, since the non- compliant content client device 908 may only be required to acquire some or all of the screening capabilities. Acquisition of such screening capabilities enables the device to receive protected content (e.g., at 920). In addition, through the use of cooperative extraction methods described earlier, the device can receive and screen unprotected content from a non- compliant content server 904.
[0134] As discussed earlier, it is possible that the compliant device, e.g. 902 or 906, does not have the appropriate codecs that are required to perform watermark extraction and/or screening of a content that is encoded in a specific media format. One of the following polices may be applied to this situation: 1) stop the transfer or use of the content; 2) use one of the invocation or delegation models to conduct the watermark extraction and/or screening; 3) allow the limited or unlimited transfer or use of the content (the limitations may include a maximum number of times that such transfer or usage is allowed).
[0135] In another embodiment that is particularly applicable to centralized architectures, cooperative watermark extraction in accordance with the disclosed embodiment may be implemented in situations where a special trusted device (e.g., a "gateway" 614 that is depicted in FIG. 6) coordinates and controls other devices to enable content sharing and consumption, as well as watermark extraction, screening and digital rights management. As such, the gateway device may coordinate watermark extraction, transfer of extraction records, authentication operations, communication and/or acquisition of trusted device lists, and the like. The gateway device typically resides inside of a home network (e.g., a DLNA- compliant network). In some embodiments, the communications between the gateway and the various devices are encrypted.
[0136] The gateway device, which may be controlled directly by a service provider, can be responsible for assigning watermark extraction tasks to one or more capable and trusted devices in a home network. For example, the gateway device can be the only device that is authorized to acquire and decrypt a protected content and/or to serve such a protected content in a home network. The gateway device may further be able to control a compliant content server for content discovery, exposure, serving and transport. The gateway device can also control a compliant content client device for content rendering.
[0137] In another example, the gateway device may be, additionally or alternatively, responsible for determining the appropriate operational configurations that are necessary to conduct the various screening operations. The gateway device may also direct and synchronize the trusted devices to conduct the screening operations. For example, the gateway may use one of the invocation and delegation models to effect the necessary screening operations. In some embodiments, trusted device authentication operations may also be conducted by the gateway device. Additionally, the gateway device may maintain a revocation list and may have the authority to revoke the trusted status of a device within the network. Further, the gateway device may retain usage rules associated with different embedded watermarks. Such usage rules may be used to prescribe various enforcement actions. Such usage rules may also be communicated to various trusted devices. The gateway device may also control screening and update the usage rules for policy
enforcement.
[0138] In still other embodiments, the gateway device may be in communication with one or more external device (e.g., another gateway device, a content server device, a content client device, etc.) that reside outside of the home network. In these embodiments, the gateway device may control the flow of content, authentication information and other information between the home network and the external devices.
[0139] According to some embodiments, all watermark extraction records may be stored in a central location that is accessible by the gateway. The watermark extraction records may additionally be duplicated on other devices on a home network. Further improvements in screening efficiency can be achieved by secure and private exchange of watermark extraction records. The exchange must be conducted between trusted devices either within the home network (e.g., a DLNA-compliant network) or from a cloud space via Internet. Exchange of extraction records may occur during the authentication of two devices so that the security, including confidentiality and integrity, is ensured. For example, using the DTCP-IP's authentication protocol, any information (such as the extraction records) can be securely exchanged between the two devices.
[0140] A need for the exchange of extraction records between two devices may arise if one of the devices does not have the extraction records. In this scenario, the records may be copied from one device onto the other device. In another scenario, an exchange of records may be necessary to merge and synchronize the records of both devices. In these situations, the exchange of records may be conducted in the following manner. If an extraction record of a content item identified by its file name or hash code on the first device does not exist in the records on the second device, the missing record can be added to the second device (and vice verse). If, on the other hand, a record for the same content item exists on both devices, the record with the latest date and time stamp (e.g., last modification date and time) is used to synchronize the contents of the two devices.
[0141] When the extraction records associated with a user are kept in the cloud, they can be considered as part of a central "virtual records" repository which allows or denies the user to render a content. These virtual records can be organized in several ways. In one example embodiment, each user has a private virtual locker in the cloud for the extraction records corresponding to the content files in his/her home network. The advantage of this configuration is that the user can ubiquitously access the records to receive permissions to render his/her content. In another example embodiment, all virtual records from all users (e.g., all users in a geographic region or all users of a service provider) are stored in a universal locker. The extraction records can be indexed by the hash code. Thus, only one record is needed to be stored in the cloud for a content item, from which a unique hash code can be produced. One advantage of such organization is that these records are anonymous and less redundant.
[0142] In some embodiments, only a portion of the extraction records is stored in the cloud. In one example, only the extraction records that correspond to successful content access requests are stored in the cloud. In another example, only the extraction records that correspond to unsuccessful content access requests are stored in the cloud. In other embodiments, the privacy of the users is protected by either using a trusted service or by obfuscating the source of the query. In still other embodiments, certain users are given enhanced privileges to facilitate access and exchange of extraction records. For example, such privileges may be granted to users with no record of unsuccessful content access requests, whereas users with a history of unsuccessful content access requests may have to accept some delays associated with additional authentication and verification operations.
[0143] It is understood that the various embodiments of the present invention may be implemented individually, or collectively, in devices comprised of various hardware and/or software modules and components. These devices, for example, may comprise a processor, a memory unit, an interface that are communicatively connected to each other, and may range from desktop and/or laptop computers, to consumer electronic devices such as media players, mobile devices and the like. For example, FIG. 10 illustrates a block diagram of a device 1000 within which the various disclosed embodiments may be implemented. The device 1000 comprises at least one processor 1002 and/or controller, at least one memory 1004 unit that is in communication with the processor 1002, and at least one communication unit 1006 that enables the exchange of data and information, directly or indirectly, through the communication link 1008 with other entities, devices and networks. The communication unit 1006 may provide wired and/or wireless communication capabilities in accordance with one or more communication protocols, and therefore it may comprise the proper
transmitter/receiver antennas, circuitry and ports, as well as the encoding/decoding capabilities that may be necessary for proper transmission and/or reception of data and other information. The exemplary device 1000 that is depicted in FIG. 10 may be integrated into as part of a content handling device 100, a master device 404, a slave device 412, a delegating device 504, a delegated device 510 and/or a destination device 514 that are depicted in FIGs. 1, 4 and 5.
[0144] Referring back to FIG. 1, any one of the watermark extractor 104, the digital signature generator 106, the encryption component 108, the authentication component 120 and the like may be implemented in software, hardware, firmware, or combinations thereof. Similarly, the various components or sub-components within each module may be implemented in software, hardware or firmware. The connectivity between the modules and/or components within the modules may be provided using any one of the connectivity methods and media that is known in the art, including, but not limited to, communications over the Internet, wired, or wireless networks using the appropriate protocols.
[0145] Various embodiments described herein are described in the general context of methods or processes, which may be implemented in one embodiment by a computer program product, embodied in a computer-readable medium, including computer-executable instructions, such as program code, executed by computers in networked environments. A computer-readable medium may include removable and non-removable storage devices including, but not limited to, Read Only Memory (ROM), Random Access Memory (RAM), compact discs (CDs), digital versatile discs (DVD), etc. Therefore, the computer-readable media that is described in the present application comprises non-transitory storage media. Generally, program modules may include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps or processes.
[0146] The foregoing description of embodiments has been presented for purposes of illustration and description. The foregoing description is not intended to be exhaustive or to limit embodiments of the present invention to the precise form disclosed, and modifications and variations are possible in light of the above teachings or may be acquired from practice of various embodiments. The embodiments discussed herein were chosen and described in order to explain the principles and the nature of various embodiments and its practical application to enable one skilled in the art to utilize the present invention in various embodiments and with various modifications as are suited to the particular use contemplated. The features of the embodiments described herein may be combined in all possible combinations of methods, apparatus, modules, systems, and computer program products.

Claims

CLAIMS What is claimed is:
1. A method, comprising:
receiving a request for access to a content at a first device from a second device, the first device operating in a network;
performing device authentication to ascertain a trusted status associated with one or both of the first and second devices; and
determining an operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
2. The method of claim 1, wherein
the second device is a trusted content client device; and
the second device is configured to perform the watermark extraction and screening operations.
3. The method of claim 1, wherein
the second device is a trusted content client device;
a trusted slave device is configured to perform the watermark extraction operation and provide information associated with the watermark extraction to the second device; and the second device is configured to perform the screening operation.
4. The method of claim 1 , wherein
the second device is a trusted content client device; and
a trusted delegated device is configured to perform the watermark extraction and screening operations.
5. The method of claim 1, wherein
the first device is a trusted content server; and
the first device is configured to perform the watermark extraction and screening operations.
6. The method of claim 1, wherein
the first device is a trusted content server;
a trusted slave device is configured to perform the watermark extraction operation and provide information associated with the watermark extraction to the first device; and the first device is configured to perform the screening operation.
7. The method of claim 1, wherein
the first device is a trusted content server; and
a trusted delegated device is configured to perform the watermark extraction and screening operations.
8. The method of claim 1, wherein
the first device is a trusted content server;
the second device is a trusted content client device; and
the first device is configured to perform the watermark extraction operation; and the second device is configured to perform the screening operation.
9. The method of claim 1 , wherein
the first device is a trusted content server;
the second device is a trusted content client device; and
the second device is configured to perform the watermark extraction operation; and the first device is configured to perform the screening operation.
The method of claim 1, further comprising:
receiving a device authentication certificate at the first device from the second verifying an authenticity of the certificate; and
ascertaining capabilities of the second device.
11. The method of claim 10, wherein
the certificate comprises information indicative of at least a portion of the capabilities of the second device; and
ascertained capabilities of the second device comprises a capability to conduct some or all of the watermark extraction and content screening operations.
12. The method of claim 11, wherein:
the certificate is a digital transmission content protection over Internet protocol (DTCP-IP) certificate; and
information regarding the capabilities of the second device is carried as part of the DCTP-IP certificate.
13. The method of claim 10, wherein the ascertained capabilities of the second device comprises a capability to grant computational and memory resources to other devices.
14. The method of claim 1, further comprising;
receiving a device authentication certificate at the second device from the first device;
verifying an authenticity of the certificate received from the first device; and ascertaining capabilities of the first device.
15. The method of claim 14, wherein the ascertained capabilities of the first device comprises a capability to conduct some or all of the watermark extraction and/or content screening operations.
16. The method of claim 1, wherein the operational configuration designates at least one of the first and the second devices to conduct the watermark extraction and content screening operations in accordance with a factor selected from the group consisting of:
availability of computational resources;
availability of watermark extraction and screening capabilities;
an integration for a
a consumer
a processing performance; and
an overall preference ranking.
17. The method of claim 1, wherein the request for access to the content is initially received at a gateway device configured to:
coordinate operations of a plurality of devices within a network;
coordinate device authentication to ascertain a trusted status associated with one or both of the first and second devices; and
determine the operational configuration for performing watermark extraction and content screening operations using of one or more trusted devices.
18. The method of claim 17, wherein the gateway device is configured to communicate with the one or more trusted devices to commence the watermark extraction and/or content screening operations.
19. The method of claim 17, wherein the gateway device is configured to revoke a trusted status of a device within the network.
20. The method of claim 17, wherein the gateway device is configured to retain a content use policy associated with embedded watermarks.
21. A device, comprising:
a processor; and
a memory, including processor executable code, the processor executable code when executed by the processor configures the device to:
receive a request for access to a content at a first device from a second device, the first device operating in a network;
perform device authentication to ascertain a trusted status associated with one or both of the first and the second devices; and
determine an operational configuration for performing watermark extraction and content screening operations using one or more trusted devices.
22. The device of claim 21, wherein processor executable code when executed by the processor configures the device to:
receive a device authentication certificate at the first device from the second device;
verify an authenticity of the certificate; and
ascertain capabilities of the second device.
23. The device of claim 22, wherein
the certificate comprises information indicative of at least a portion of the capabilities of the second device; and
ascertained capabilities of the second device comprises a capability to conduct some or all of the watermark extraction and content screening operations.
24. The device of claim 22, wherein:
the certificate is a digital transmission content protection over Internet protocol (DTCP-IP) certificate; and
information regarding the capabilities of the second device is carried as part of the DCTP-IP certificate.
25. The device of claim 22, wherein the ascertained capabilities of the second device comprises a capability to grant computational and memory resources to other devices.
26. A computer program product, embodied on a non-transitory computer readable medium, comprising:
program code for receiving a request for access to a content at a first device from a second device, the first device operating in a network;
program code for performing device authentication to ascertain a trusted status associated with one or both of the first and the second devices; and
program code for determining an operational configuration for performing watermark extraction and content screening operations using one or more trusted devices.
PCT/US2011/051855 2010-09-16 2011-09-15 Secure and efficient content screening in a networked environment WO2012037420A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
KR1020137009718A KR101594230B1 (en) 2010-09-16 2011-09-15 Secure and efficient content screening in a networked environment
EP11825990.2A EP2616984A4 (en) 2010-09-16 2011-09-15 Secure and efficient content screening in a networked environment
CN201180051678.7A CN103189872B (en) 2010-09-16 2011-09-15 Safety in networked environment and the effectively method and apparatus of Content Selection

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US38369310P 2010-09-16 2010-09-16
US61/383,693 2010-09-16
US13/080,605 2011-04-05
US13/080,593 2011-04-05
US13/080,593 US8838977B2 (en) 2010-09-16 2011-04-05 Watermark extraction and content screening in a networked environment
US13/080,598 2011-04-05
US13/080,605 US9607131B2 (en) 2010-09-16 2011-04-05 Secure and efficient content screening in a networked environment
US13/080,598 US8838978B2 (en) 2010-09-16 2011-04-05 Content access management using extracted watermark information

Publications (2)

Publication Number Publication Date
WO2012037420A2 true WO2012037420A2 (en) 2012-03-22
WO2012037420A3 WO2012037420A3 (en) 2012-05-31

Family

ID=45818801

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2011/051857 WO2012037422A2 (en) 2010-09-16 2011-09-15 Improvements in watermark extraction efficiency
PCT/US2011/051855 WO2012037420A2 (en) 2010-09-16 2011-09-15 Secure and efficient content screening in a networked environment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/US2011/051857 WO2012037422A2 (en) 2010-09-16 2011-09-15 Improvements in watermark extraction efficiency

Country Status (5)

Country Link
US (3) US9607131B2 (en)
EP (2) EP2616984A4 (en)
KR (2) KR101531450B1 (en)
CN (2) CN103189873A (en)
WO (2) WO2012037422A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9099080B2 (en) 2013-02-06 2015-08-04 Muzak Llc System for targeting location-based communications

Families Citing this family (113)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7644282B2 (en) 1998-05-28 2010-01-05 Verance Corporation Pre-processed information embedding system
US6737957B1 (en) 2000-02-16 2004-05-18 Verance Corporation Remote control signaling using audio watermarks
US9609278B2 (en) 2000-04-07 2017-03-28 Koplar Interactive Systems International, Llc Method and system for auxiliary data detection and delivery
EP2442566A3 (en) 2002-10-15 2012-08-08 Verance Corporation Media Monitoring, Management and Information System
US7330511B2 (en) 2003-08-18 2008-02-12 Koplar Interactive Systems International, L.L.C. Method and system for embedding device positional data in video signals
US20060239501A1 (en) 2005-04-26 2006-10-26 Verance Corporation Security enhancements of digital watermarks for multi-media content
US9055239B2 (en) 2003-10-08 2015-06-09 Verance Corporation Signal continuity assessment using embedded watermarks
US8020004B2 (en) 2005-07-01 2011-09-13 Verance Corporation Forensic marking using a common customization function
US8781967B2 (en) 2005-07-07 2014-07-15 Verance Corporation Watermarking in an encrypted domain
US20090111584A1 (en) 2007-10-31 2009-04-30 Koplar Interactive Systems International, L.L.C. Method and system for encoded information processing
US8259938B2 (en) 2008-06-24 2012-09-04 Verance Corporation Efficient and secure forensic marking in compressed
US8582781B2 (en) 2009-01-20 2013-11-12 Koplar Interactive Systems International, L.L.C. Echo modulation methods and systems
US8715083B2 (en) 2009-06-18 2014-05-06 Koplar Interactive Systems International, L.L.C. Methods and systems for processing gaming data
KR20110101582A (en) * 2010-03-09 2011-09-16 삼성전자주식회사 Apparatus and method for preventing illegal software download of portable terminal in computer system
US9607131B2 (en) 2010-09-16 2017-03-28 Verance Corporation Secure and efficient content screening in a networked environment
JP5087123B2 (en) * 2010-10-15 2012-11-28 株式会社東芝 Playback apparatus and playback method
US9003462B2 (en) * 2011-02-10 2015-04-07 Comcast Cable Communications, Llc Content archive model
US9515904B2 (en) 2011-06-21 2016-12-06 The Nielsen Company (Us), Llc Monitoring streaming media content
US8713314B2 (en) 2011-08-30 2014-04-29 Comcast Cable Communications, Llc Reoccuring keying system
US9049496B2 (en) 2011-09-01 2015-06-02 Gracenote, Inc. Media source identification
FR2981530B1 (en) * 2011-10-12 2013-12-06 Broadpeak GATEWAY, AND METHOD, COMPUTER PROGRAM, AND CORRESPONDING STORAGE MEANS
US8682026B2 (en) 2011-11-03 2014-03-25 Verance Corporation Efficient extraction of embedded watermarks in the presence of host content distortions
US8615104B2 (en) 2011-11-03 2013-12-24 Verance Corporation Watermark extraction based on tentative watermarks
US8533481B2 (en) 2011-11-03 2013-09-10 Verance Corporation Extraction of embedded watermarks from a host content based on extrapolation techniques
US8923548B2 (en) 2011-11-03 2014-12-30 Verance Corporation Extraction of embedded watermarks from a host content using a plurality of tentative watermarks
US8745403B2 (en) 2011-11-23 2014-06-03 Verance Corporation Enhanced content management based on watermark extraction records
US9323902B2 (en) 2011-12-13 2016-04-26 Verance Corporation Conditional access using embedded watermarks
US9547753B2 (en) 2011-12-13 2017-01-17 Verance Corporation Coordinated watermarking
US9026789B2 (en) * 2011-12-23 2015-05-05 Blackberry Limited Trusted certificate authority to create certificates based on capabilities of processes
TWI496458B (en) * 2011-12-30 2015-08-11 Amtran Technology Co Ltd Television receiving device providing a real time live video data stream file and method thereof
WO2013138651A1 (en) * 2012-03-14 2013-09-19 Robert Bosch Gmbh Device pairing with audio fingerprint encodings
CN103379101A (en) * 2012-04-20 2013-10-30 腾讯科技(深圳)有限公司 Watermark generation method, client side and server
US8930005B2 (en) * 2012-08-07 2015-01-06 Sonos, Inc. Acoustic signatures in a playback system
US9571606B2 (en) 2012-08-31 2017-02-14 Verance Corporation Social media viewing system
US9106964B2 (en) 2012-09-13 2015-08-11 Verance Corporation Enhanced content distribution using advertisements
US8869222B2 (en) 2012-09-13 2014-10-21 Verance Corporation Second screen content
US8726304B2 (en) 2012-09-13 2014-05-13 Verance Corporation Time varying evaluation of multimedia content
US9280792B2 (en) * 2012-10-12 2016-03-08 Empire Technology Development Llc Notarization based on currency transactions
CN103065662A (en) 2013-01-22 2013-04-24 中兴通讯股份有限公司 Method and system for continuous broadcasting of media resources in device
US9262793B2 (en) 2013-03-14 2016-02-16 Verance Corporation Transactional video marking system
US8978060B2 (en) 2013-03-15 2015-03-10 Google Inc. Systems, methods, and media for presenting advertisements
US9900261B2 (en) * 2013-06-02 2018-02-20 Airwatch Llc Shared resource watermarking and management
US9584437B2 (en) * 2013-06-02 2017-02-28 Airwatch Llc Resource watermarking and management
US9015062B2 (en) * 2013-06-20 2015-04-21 Aol Advertising Inc. Systems and methods for cross-browser advertising ID synchronization
US9485089B2 (en) 2013-06-20 2016-11-01 Verance Corporation Stego key management
US9525991B2 (en) 2013-06-25 2016-12-20 Actiontec Electronics, Inc. Systems and methods for sharing digital information between mobile devices of friends and family using embedded devices
US20140379800A1 (en) * 2013-06-25 2014-12-25 Actiontec Electronics, Inc. Systems and methods for sharing digital information between mobile devices of friends and family by loading application components onto embedded devices
US8838836B1 (en) 2013-06-25 2014-09-16 Actiontec Electronics, Inc. Systems and methods for sharing digital information between mobile devices of friends and family using multiple LAN-based embedded devices
US8756426B2 (en) 2013-07-03 2014-06-17 Sky Socket, Llc Functionality watermarking and management
US8806217B2 (en) 2013-07-03 2014-08-12 Sky Socket, Llc Functionality watermarking and management
US8775815B2 (en) 2013-07-03 2014-07-08 Sky Socket, Llc Enterprise-specific functionality watermarking and management
JP6224105B2 (en) 2013-07-22 2017-11-01 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Information management method
US9251549B2 (en) 2013-07-23 2016-02-02 Verance Corporation Watermark extractor enhancements based on payload ranking
US9872000B2 (en) * 2013-08-09 2018-01-16 Thomson Licensing Second screen device and system
CN103650459A (en) * 2013-08-09 2014-03-19 华为技术有限公司 Information presentation method and equipment
US9665723B2 (en) * 2013-08-15 2017-05-30 Airwatch, Llc Watermarking detection and management
WO2015026971A2 (en) * 2013-08-20 2015-02-26 Shanklin Steven Dale Application trust-listing security service
US9208334B2 (en) 2013-10-25 2015-12-08 Verance Corporation Content management using multiple abstraction layers
FR3016067B1 (en) * 2013-12-30 2017-03-24 European Aeronautic Defence & Space Co Eads France MOBILE DEVICE FOR STORING DIGITAL DATA
US11601525B2 (en) * 2014-01-28 2023-03-07 Time Warner Cable Enterprises Llc Apparatus and methods for content access, retrieval, and delivery in a content distribution network
US10504200B2 (en) 2014-03-13 2019-12-10 Verance Corporation Metadata acquisition using embedded watermarks
EP3117626A4 (en) 2014-03-13 2017-10-25 Verance Corporation Interactive content acquisition using embedded codes
US20150261753A1 (en) * 2014-03-13 2015-09-17 Verance Corporation Metadata acquisition using embedded codes
US9628487B2 (en) 2014-03-24 2017-04-18 Futurewei Technologies, Inc. System and method for partial URL signing with applications to dynamic adaptive streaming
EP2950229B1 (en) * 2014-05-28 2018-09-12 Nxp B.V. Method for facilitating transactions, computer program product and mobile device
DE102014211899A1 (en) * 2014-06-20 2015-12-24 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Apparatus and method for copy protected generating and playing a wave field synthesis audio presentation
US9848003B2 (en) * 2014-06-23 2017-12-19 Avaya Inc. Voice and video watermark for exfiltration prevention
WO2016028934A1 (en) 2014-08-20 2016-02-25 Verance Corporation Content management based on dither-like watermark embedding
WO2016033289A1 (en) * 2014-08-27 2016-03-03 WavSTAR, LLC Content acquisition, protection, and conversion system
US9812138B1 (en) * 2014-09-03 2017-11-07 Amazon Technologies, Inc. Proving file ownership
US9705879B2 (en) 2014-09-17 2017-07-11 Microsoft Technology Licensing, Llc Efficient and reliable attestation
US10754977B2 (en) * 2014-09-25 2020-08-25 Micro Focus Llc Report comprising a masked value
US9942602B2 (en) 2014-11-25 2018-04-10 Verance Corporation Watermark detection and metadata delivery associated with a primary content
EP3225034A4 (en) 2014-11-25 2018-05-02 Verance Corporation Enhanced metadata and content delivery using watermarks
US9602891B2 (en) 2014-12-18 2017-03-21 Verance Corporation Service signaling recovery for multimedia content using embedded watermarks
US10673852B2 (en) 2014-12-23 2020-06-02 Mcafee, Llc Self-organizing trusted networks
US10277934B2 (en) * 2015-03-13 2019-04-30 Qualcomm Incorporated Permissions management for watermarked data in a broadcast environment
WO2016172585A1 (en) * 2015-04-24 2016-10-27 Verance Corporation Efficient and secure watermark screening in media servers
CN104852914B (en) * 2015-04-30 2018-07-13 中国人民解放军国防科学技术大学 A kind of watermark hopping communication means based on packet interval
WO2016176056A1 (en) 2015-04-30 2016-11-03 Verance Corporation Watermark based content recognition improvements
US10425427B2 (en) 2015-06-19 2019-09-24 Futurewei Technologies, Inc. Template uniform resource locator signing
WO2017015399A1 (en) 2015-07-20 2017-01-26 Verance Corporation Watermark-based data recovery for content with multiple alternative components
US20170039376A1 (en) * 2015-08-05 2017-02-09 Dell Products L.P. Systems and methods for providing secure data
CN105898351A (en) * 2015-10-22 2016-08-24 乐视致新电子科技(天津)有限公司 Remote user-defined channel analysis method, server, client end and system
CN105246172A (en) * 2015-11-24 2016-01-13 成都微讯云通科技有限公司 Network transmission method for mobile terminals
US20170147830A1 (en) * 2015-11-24 2017-05-25 Comcast Cable Communications, Llc Adaptive Rights Management System
US10805273B2 (en) * 2016-04-01 2020-10-13 Egnyte, Inc. Systems for improving performance and security in a cloud computing system
WO2017184648A1 (en) * 2016-04-18 2017-10-26 Verance Corporation System and method for signaling security and database population
US10027850B2 (en) * 2016-04-19 2018-07-17 Blackberry Limited Securing image data detected by an electronic device
US10019639B2 (en) 2016-04-19 2018-07-10 Blackberry Limited Determining a boundary associated with image data
US10320571B2 (en) * 2016-09-23 2019-06-11 Microsoft Technology Licensing, Llc Techniques for authenticating devices using a trusted platform module device
US20180288052A1 (en) * 2017-03-31 2018-10-04 Mcafee, Inc. Trusted remote configuration and operation
US10242680B2 (en) * 2017-06-02 2019-03-26 The Nielsen Company (Us), Llc Methods and apparatus to inspect characteristics of multichannel audio
WO2018237191A1 (en) 2017-06-21 2018-12-27 Verance Corporation Watermark-based metadata acquisition and processing
CN107516529B (en) * 2017-08-11 2020-06-09 杭州联汇科技股份有限公司 Mobile terminal audio rapid identification method
US10902144B2 (en) * 2017-08-25 2021-01-26 Electronics And Telecommunications Research Institute Method and apparatus for securing data
US11275867B1 (en) * 2018-02-28 2022-03-15 Amazon Technologies, Inc. Content integrity processing
US11468149B2 (en) * 2018-04-17 2022-10-11 Verance Corporation Device authentication in collaborative content screening
US11140460B2 (en) 2018-05-29 2021-10-05 At&T Intellectual Property I, L.P. Content distribution pipeline watermarking
US10694248B2 (en) 2018-06-12 2020-06-23 The Nielsen Company (Us), Llc Methods and apparatus to increase a match rate for media identification
CN109640299B (en) * 2019-01-31 2021-09-21 浙江工商大学 Aggregation method and system for ensuring M2M communication integrity and fault tolerance
CN109921902B (en) 2019-03-22 2020-10-23 创新先进技术有限公司 Key management method, security chip, service server and information system
US11281929B2 (en) * 2019-05-06 2022-03-22 Rovi Guides, Inc. Systems and methods for determining whether to modify content
US11537690B2 (en) * 2019-05-07 2022-12-27 The Nielsen Company (Us), Llc End-point media watermarking
US11537689B2 (en) 2019-10-10 2022-12-27 Baidu Usa Llc Method and system for signing an artificial intelligence watermark using a kernel
US11740940B2 (en) 2019-10-10 2023-08-29 Baidu Usa Llc Method and system for making an artifical intelligence inference using a watermark-inherited kernel for a data processing accelerator
US11645116B2 (en) 2019-10-10 2023-05-09 Baidu Usa Llc Method and system for making an artificial intelligence inference using a watermark-enabled kernel for a data processing accelerator
US11645586B2 (en) 2019-10-10 2023-05-09 Baidu Usa Llc Watermark unit for a data processing accelerator
US11775347B2 (en) 2019-10-10 2023-10-03 Baidu Usa Llc Method for implanting a watermark in a trained artificial intelligence model for a data processing accelerator
US11709712B2 (en) 2019-10-10 2023-07-25 Baidu Usa Llc Method and system for artificial intelligence model training using a watermark-enabled kernel for a data processing accelerator
US11443243B2 (en) * 2019-10-10 2022-09-13 Baidu Usa Llc Method and system for artificial intelligence model training using a watermark-enabled kernel for a data processing accelerator
US11722741B2 (en) 2021-02-08 2023-08-08 Verance Corporation System and method for tracking content timeline in the presence of playback rate changes
US11868460B2 (en) * 2021-03-05 2024-01-09 International Business Machines Corporation Authorized encryption

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6550011B1 (en) * 1998-08-05 2003-04-15 Hewlett Packard Development Company, L.P. Media content protection utilizing public key cryptography
US20030076955A1 (en) * 2001-10-18 2003-04-24 Jukka Alve System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
US6697944B1 (en) * 1999-10-01 2004-02-24 Microsoft Corporation Digital content distribution, transmission and protection system and method, and portable device for use therewith
US20070005500A1 (en) * 2005-06-20 2007-01-04 Microsoft Corporation Secure online transactions using a captcha image as a watermark

Family Cites Families (551)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5805635A (en) 1964-03-17 1998-09-08 The United States Of America As Represented By The Secretary Of The Navy Secure communication system
US3406344A (en) 1964-07-01 1968-10-15 Bell Telephone Labor Inc Transmission of low frequency signals by modulation of voice carrier
US3919479A (en) 1972-09-21 1975-11-11 First National Bank Of Boston Broadcast signal identification system
US3842196A (en) 1972-10-30 1974-10-15 Hazeltine Research Inc System for transmission of auxiliary information in a video spectrum
US3894190A (en) 1973-02-28 1975-07-08 Int Standard Electric Corp System for transferring wide-band sound signals
US3885217A (en) 1973-07-11 1975-05-20 Computer Specifics Corp Data transmission system
US3973206A (en) 1975-05-22 1976-08-03 A. C. Nielsen Company Monitoring system for voltage tunable receivers and converters utilizing an analog function generator
US4048562A (en) 1975-05-22 1977-09-13 A. C. Nielsen Company Monitoring system for voltage tunable receivers and converters utilizing voltage comparison techniques
JPS53144622A (en) 1977-05-24 1978-12-16 Sony Corp Video signal processing system
US4176379A (en) 1977-10-17 1979-11-27 Xerox Corporation Video input circuits for video hard copy controller
US4225967A (en) 1978-01-09 1980-09-30 Fujitsu Limited Broadcast acknowledgement method and system
US4281217A (en) 1978-03-27 1981-07-28 Dolby Ray Milton Apparatus and method for the identification of specially encoded FM stereophonic broadcasts
US4454610A (en) 1978-05-19 1984-06-12 Transaction Sciences Corporation Methods and apparatus for the automatic classification of patterns
US4230990C1 (en) 1979-03-16 2002-04-09 John G Lert Jr Broadcast program identification method and system
US4295128A (en) 1979-03-26 1981-10-13 University Of Tennessee Research Corp. Apparatus for measuring the degradation of a sensor time constant
JPS5744186A (en) 1980-08-29 1982-03-12 Takeda Riken Ind Co Ltd Waveform memory
US4425578A (en) 1981-01-12 1984-01-10 A. C. Nielsen Company Monitoring system and method utilizing signal injection for determining channel reception of video receivers
US4965825A (en) 1981-11-03 1990-10-23 The Personalized Mass Media Corporation Signal processing apparatus and methods
US4755884A (en) 1982-01-12 1988-07-05 Discovision Associates Audio evaluation of information stored on a record medium under control of video picture frame number
US4564862A (en) 1982-08-09 1986-01-14 Edwin Cohen Ghost signal elimination circuit
US4497060A (en) 1982-12-08 1985-01-29 Lockheed Electronics Co., Inc. Self-clocking binary receiver
US4967273A (en) 1983-03-21 1990-10-30 Vidcode, Inc. Television program transmission verification method and apparatus
US4805020A (en) 1983-03-21 1989-02-14 Greenberg Burton L Television program transmission verification method and apparatus
US4547804A (en) 1983-03-21 1985-10-15 Greenberg Burton L Method and apparatus for the automatic identification and verification of commercial broadcast programs
US4639779A (en) 1983-03-21 1987-01-27 Greenberg Burton L Method and apparatus for the automatic identification and verification of television broadcast programs
US4512013A (en) 1983-04-11 1985-04-16 At&T Bell Laboratories Simultaneous transmission of speech and data over an analog channel
US4703476A (en) 1983-09-16 1987-10-27 Audicom Corporation Encoding of transmitted program material
US4593904A (en) 1984-03-19 1986-06-10 Syntech International, Inc. Player interactive video gaming device
JPS60251724A (en) 1984-05-29 1985-12-12 Pioneer Electronic Corp Receiver for identifying program
US4807013A (en) 1984-10-17 1989-02-21 American Telephone And Telegraph Company At&T Bell Laboratories Polysilicon fillet
DE3523809A1 (en) 1985-05-21 1986-11-27 Polygram Gmbh, 2000 Hamburg METHOD FOR TIME COMPRESSION OF INFORMATION IN DIGITAL FORM
US4677466A (en) 1985-07-29 1987-06-30 A. C. Nielsen Company Broadcast program identification method and apparatus
US4669089A (en) 1985-09-30 1987-05-26 The Boeing Company Suppressed clock pulse-duration modulator for direct sequence spread spectrum transmission systems
US4789863A (en) 1985-10-02 1988-12-06 Bush Thomas A Pay per view entertainment system
US4706282A (en) 1985-12-23 1987-11-10 Minnesota Mining And Manufacturing Company Decoder for a recorder-decoder system
US5057915A (en) 1986-03-10 1991-10-15 Kohorn H Von System and method for attracting shoppers to sales outlets
JPS6317886A (en) 1986-07-11 1988-01-25 Kyorin Pharmaceut Co Ltd Production of spiropyrrolidine-2,5-dione derivative
US4739398A (en) 1986-05-02 1988-04-19 Control Data Corporation Method, apparatus and system for recognizing broadcast segments
GB8611014D0 (en) 1986-05-06 1986-06-11 Emi Plc Thorn Signal identification
US4723302A (en) 1986-08-05 1988-02-02 A. C. Nielsen Company Method and apparatus for determining channel reception of a receiver
US4755871A (en) 1986-11-25 1988-07-05 Magus, Ltd. Control of rf answer pulses in a TV answer back system
US4729398A (en) 1987-01-20 1988-03-08 Bellofram Corp. Current-to-pressure transducers
US4840602A (en) 1987-02-06 1989-06-20 Coleco Industries, Inc. Talking doll responsive to external signal
JPS63199801A (en) 1987-02-12 1988-08-18 Chisso Corp Stabilization treatment device for ferromagnetic metal powder
JPS63198367A (en) 1987-02-13 1988-08-17 Toshiba Corp Semiconductor device
US4764808A (en) 1987-05-05 1988-08-16 A. C. Nielsen Company Monitoring system and method for determining channel reception of video receivers
US4843562A (en) 1987-06-24 1989-06-27 Broadcast Data Systems Limited Partnership Broadcast information classification system and method
EP0298691B1 (en) 1987-07-08 1994-10-05 Matsushita Electric Industrial Co., Ltd. Method and apparatus for protection of signal copy
US4876736A (en) 1987-09-23 1989-10-24 A. C. Nielsen Company Method and apparatus for determining channel reception of a receiver
US4937807A (en) 1987-10-15 1990-06-26 Personics Corporation System for encoding sound recordings for high-density storage and high-speed transfers
US4807031A (en) 1987-10-20 1989-02-21 Interactive Systems, Incorporated Interactive video method and apparatus
US4943963A (en) 1988-01-19 1990-07-24 A. C. Nielsen Company Data collection and transmission system with real time clock
US4931871A (en) 1988-06-14 1990-06-05 Kramer Robert A Method of and system for identification and verification of broadcasted program segments
US4945412A (en) 1988-06-14 1990-07-31 Kramer Robert A Method of and system for identification and verification of broadcasting television and radio program segments
US5213337A (en) 1988-07-06 1993-05-25 Robert Sherman System for communication using a broadcast audio signal
US4930011A (en) 1988-08-02 1990-05-29 A. C. Nielsen Company Method and apparatus for identifying individual members of a marketing and viewing audience
US4969041A (en) 1988-09-23 1990-11-06 Dubner Computer Systems, Inc. Embedment of data in a video signal
US4939515A (en) 1988-09-30 1990-07-03 General Electric Company Digital signal encoding and decoding apparatus
GB8824969D0 (en) 1988-10-25 1988-11-30 Emi Plc Thorn Identification codes
NL8901032A (en) 1988-11-10 1990-06-01 Philips Nv CODER FOR INCLUDING ADDITIONAL INFORMATION IN A DIGITAL AUDIO SIGNAL WITH A PREFERRED FORMAT, A DECODER FOR DERIVING THIS ADDITIONAL INFORMATION FROM THIS DIGITAL SIGNAL, AN APPARATUS FOR RECORDING A DIGITAL SIGNAL ON A CODE OF RECORD. OBTAINED A RECORD CARRIER WITH THIS DEVICE.
US4972471A (en) 1989-05-15 1990-11-20 Gary Gross Encoding system
US5319453A (en) 1989-06-22 1994-06-07 Airtrax Method and apparatus for video signal encoding, decoding and monitoring
US4972503A (en) 1989-08-08 1990-11-20 A. C. Nielsen Company Method and apparatus for determining audience viewing habits by jamming a control signal and identifying the viewers command
US5214792A (en) 1989-09-27 1993-05-25 Alwadish David J Broadcasting system with supplemental data transmission and storge
US5210831A (en) 1989-10-30 1993-05-11 International Business Machines Corporation Methods and apparatus for insulating a branch prediction mechanism from data dependent branch table updates that result from variable test operand locations
US5191615A (en) 1990-01-17 1993-03-02 The Drummer Group Interrelational audio kinetic entertainment system
US5210820A (en) 1990-05-02 1993-05-11 Broadcast Data Systems Limited Partnership Signal recognition system and method
US5080479A (en) 1990-07-30 1992-01-14 Rosenberg Stanley L Automatic implanting of identification data in any recorded medium
US5390207A (en) 1990-11-28 1995-02-14 Novatel Communications Ltd. Pseudorandom noise ranging receiver which compensates for multipath distortion by dynamically adjusting the time delay spacing between early and late correlators
US5161251A (en) 1991-02-19 1992-11-03 Mankovitz Roy J Apparatus and methods for providing text information identifying audio program selections
EP0508845B1 (en) 1991-03-11 2001-11-07 Nippon Telegraph And Telephone Corporation Method and apparatus for image processing
US5200822A (en) 1991-04-23 1993-04-06 National Broadcasting Company, Inc. Arrangement for and method of processing data, especially for identifying and verifying airing of television broadcast programs
JPH04332089A (en) 1991-05-07 1992-11-19 Takayama:Kk Method for registering finger print data
US5251041A (en) 1991-06-21 1993-10-05 Young Philip L Method and apparatus for modifying a video signal to inhibit unauthorized videotape recording and subsequent reproduction thereof
US5402488A (en) 1991-08-30 1995-03-28 Karlock; James A. Method and apparatus for modifying a video signal
GB2292506B (en) 1991-09-30 1996-05-01 Arbitron Company The Method and apparatus for automatically identifying a program including a sound signal
FR2681997A1 (en) 1991-09-30 1993-04-02 Arbitron Cy METHOD AND DEVICE FOR AUTOMATICALLY IDENTIFYING A PROGRAM COMPRISING A SOUND SIGNAL
JPH0543159U (en) 1991-11-08 1993-06-11 カシオ電子工業株式会社 Image forming device
US5319735A (en) 1991-12-17 1994-06-07 Bolt Beranek And Newman Inc. Embedded signalling
US5294982A (en) 1991-12-24 1994-03-15 National Captioning Institute, Inc. Method and apparatus for providing dual language captioning of a television program
US5414729A (en) 1992-01-24 1995-05-09 Novatel Communications Ltd. Pseudorandom noise ranging receiver which compensates for multipath distortion by making use of multiple correlator time delay spacing
US5436653A (en) 1992-04-30 1995-07-25 The Arbitron Company Method and system for recognition of broadcast segments
JP3427392B2 (en) 1992-05-25 2003-07-14 ソニー株式会社 Encoding method
US5270480A (en) 1992-06-25 1993-12-14 Victor Company Of Japan, Ltd. Toy acting in response to a MIDI signal
US5237611A (en) 1992-07-23 1993-08-17 Crest Industries, Inc. Encryption/decryption apparatus with non-accessible table of keys
US5721788A (en) 1992-07-31 1998-02-24 Corbis Corporation Method and system for digital image signatures
US5502576A (en) 1992-08-24 1996-03-26 Ramsay International Corporation Method and apparatus for the transmission, storage, and retrieval of documents in an electronic domain
GB9222972D0 (en) 1992-11-03 1992-12-16 Thames Television Transmitting audio and data signals simultaneously
NZ259776A (en) 1992-11-16 1997-06-24 Ceridian Corp Identifying recorded or broadcast audio signals by mixing with encoded signal derived from code signal modulated by narrower bandwidth identification signal
CA2106143C (en) 1992-11-25 2004-02-24 William L. Thomas Universal broadcast code and multi-level encoded signal monitoring system
US5379345A (en) 1993-01-29 1995-01-03 Radio Audit Systems, Inc. Method and apparatus for the processing of encoded data in conjunction with an audio broadcast
JPH06268615A (en) 1993-03-11 1994-09-22 Sanyo Electric Co Ltd Fm multiplex broadcast transmitter and fm multiplex broadcast receiver
US5523794A (en) 1993-04-16 1996-06-04 Mankovitz; Roy J. Method and apparatus for portable storage and use of data transmitted by television signal
US5408258A (en) 1993-04-21 1995-04-18 The Arbitron Company Method of automatically qualifying a signal reproduction device for installation of monitoring equipment
US5404160A (en) 1993-06-24 1995-04-04 Berkeley Varitronics Systems, Inc. System and method for identifying a television program
JP3053527B2 (en) 1993-07-30 2000-06-19 インターナショナル・ビジネス・マシーンズ・コーポレイション Method and apparatus for validating a password, method and apparatus for generating and preliminary validating a password, method and apparatus for controlling access to resources using an authentication code
US5481294A (en) 1993-10-27 1996-01-02 A. C. Nielsen Company Audience measurement system utilizing ancillary codes and passive signatures
US6636615B1 (en) 1998-01-20 2003-10-21 Digimarc Corporation Methods and systems using multiple watermarks
US5841978A (en) 1993-11-18 1998-11-24 Digimarc Corporation Network linking method using steganographically embedded data objects
US6614914B1 (en) 1995-05-08 2003-09-02 Digimarc Corporation Watermark embedder and reader
ATE237197T1 (en) 1993-11-18 2003-04-15 Digimarc Corp IDENTIFICATION/CREDITION CODING METHOD AND APPARATUS
US7171016B1 (en) 1993-11-18 2007-01-30 Digimarc Corporation Method for monitoring internet dissemination of image, video and/or audio files
US5636292C1 (en) 1995-05-08 2002-06-18 Digimarc Corp Steganography methods employing embedded calibration data
US5862260A (en) 1993-11-18 1999-01-19 Digimarc Corporation Methods for surveying dissemination of proprietary empirical data
US5832119C1 (en) 1993-11-18 2002-03-05 Digimarc Corp Methods for controlling systems using control signals embedded in empirical data
US5748763A (en) 1993-11-18 1998-05-05 Digimarc Corporation Image steganography system featuring perceptually adaptive and globally scalable signal embedding
US6574350B1 (en) 1995-05-08 2003-06-03 Digimarc Corporation Digital watermarking employing both frail and robust watermarks
US6516079B1 (en) 2000-02-14 2003-02-04 Digimarc Corporation Digital watermark screening and detecting strategies
US6681029B1 (en) 1993-11-18 2004-01-20 Digimarc Corporation Decoding steganographic messages embedded in media signals
US6983051B1 (en) 1993-11-18 2006-01-03 Digimarc Corporation Methods for audio watermarking and decoding
US5581658A (en) 1993-12-14 1996-12-03 Infobase Systems, Inc. Adaptive system for broadcast program identification and reporting
JPH07163765A (en) 1993-12-16 1995-06-27 B I:Kk Remote control toy
US5508754A (en) 1994-03-22 1996-04-16 National Captioning Institute System for encoding and displaying captions for television programs
US5424785A (en) 1994-03-22 1995-06-13 National Captioning Institute System for encoding and displaying captions for television programs
US5450490A (en) 1994-03-31 1995-09-12 The Arbitron Company Apparatus and methods for including codes in audio signals and decoding
US5404377A (en) 1994-04-08 1995-04-04 Moses; Donald W. Simultaneous transmission of data and audio signals by means of perceptual coding
US5526427A (en) 1994-07-22 1996-06-11 A.C. Nielsen Company Universal broadcast code and multi-level encoded signal monitoring system
US5719619A (en) 1994-10-08 1998-02-17 Sony Corporation Bidirectional broadcasting method, bidirectional broadcasting system and receiver apparatus for bidirectional broadcast
US6021432A (en) 1994-10-31 2000-02-01 Lucent Technologies Inc. System for processing broadcast stream comprises a human-perceptible broadcast program embedded with a plurality of human-imperceptible sets of information
US7986806B2 (en) 1994-11-16 2011-07-26 Digimarc Corporation Paper products and physical objects as means to access and control a computer or to navigate over or act as a portal on a network
US5745569A (en) 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
US7007166B1 (en) 1994-12-28 2006-02-28 Wistaria Trading, Inc. Method and system for digital watermarking
US5943422A (en) 1996-08-12 1999-08-24 Intertrust Technologies Corp. Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US5892900A (en) 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
JPH08288928A (en) 1995-04-14 1996-11-01 Toshiba Corp Spread spectrum communication equipment
US5519454A (en) 1995-04-21 1996-05-21 Thomson Consumer Electronics, Inc. Luma/chroma separation filter with common delay element for comb filter separation and recursive noise reduction of composite video input signal
US7224819B2 (en) 1995-05-08 2007-05-29 Digimarc Corporation Integrating digital watermarks in multimedia content
US7054462B2 (en) 1995-05-08 2006-05-30 Digimarc Corporation Inferring object status based on detected watermark data
US6590996B1 (en) 2000-02-14 2003-07-08 Digimarc Corporation Color adaptive watermarking
US6728390B2 (en) 1995-05-08 2004-04-27 Digimarc Corporation Methods and systems using multiple watermarks
US6738495B2 (en) 1995-05-08 2004-05-18 Digimarc Corporation Watermarking enhanced to withstand anticipated corruptions
US5613004A (en) 1995-06-07 1997-03-18 The Dice Company Steganographic method and device
US5699427A (en) 1995-06-23 1997-12-16 International Business Machines Corporation Method to deter document and intellectual property piracy through individualization
US7711564B2 (en) 1995-07-27 2010-05-04 Digimarc Corporation Connected audio and other media objects
US7562392B1 (en) 1999-05-19 2009-07-14 Digimarc Corporation Methods of interacting with audio and ambient music
US6829368B2 (en) 2000-01-26 2004-12-07 Digimarc Corporation Establishing and interacting with on-line media collections using identifiers in media signals
US7006661B2 (en) 1995-07-27 2006-02-28 Digimarc Corp Digital watermarking systems and methods
US6505160B1 (en) 1995-07-27 2003-01-07 Digimarc Corporation Connected audio and other media objects
US6411725B1 (en) 1995-07-27 2002-06-25 Digimarc Corporation Watermark enabled video objects
US7171018B2 (en) 1995-07-27 2007-01-30 Digimarc Corporation Portable devices and methods employing digital watermarking
US5822360A (en) 1995-09-06 1998-10-13 Solana Technology Development Corporation Method and apparatus for transporting auxiliary data in audio signals
US5937000A (en) 1995-09-06 1999-08-10 Solana Technology Development Corporation Method and apparatus for embedding auxiliary data in a primary data signal
JPH0983926A (en) 1995-09-07 1997-03-28 Sony Corp Id reading and writing device
EP0766468B1 (en) 1995-09-28 2006-05-03 Nec Corporation Method and system for inserting a spread spectrum watermark into multimedia data
US5850249A (en) 1995-10-12 1998-12-15 Nielsen Media Research, Inc. Receiver monitoring system with local encoding
US5752880A (en) 1995-11-20 1998-05-19 Creator Ltd. Interactive doll
US5719937A (en) 1995-12-06 1998-02-17 Solana Technology Develpment Corporation Multi-media copy management system
US5687191A (en) 1995-12-06 1997-11-11 Solana Technology Development Corporation Post-compression hidden data transport
WO1997022206A1 (en) 1995-12-11 1997-06-19 Philips Electronics N.V. Marking a video and/or audio signal
WO1997025798A1 (en) 1996-01-11 1997-07-17 Mrj, Inc. System for controlling access and distribution of digital property
US5822432A (en) 1996-01-17 1998-10-13 The Dice Company Method for human-assisted random key generation and application for digital watermark system
US5761606A (en) 1996-02-08 1998-06-02 Wolzien; Thomas R. Media online services access via address embedded in video or audio program
US5901178A (en) 1996-02-26 1999-05-04 Solana Technology Development Corporation Post-compression hidden data transport for video
US6035177A (en) 1996-02-26 2000-03-07 Donald W. Moses Simultaneous transmission of ancillary and audio signals by means of perceptual coding
EP0875107B1 (en) 1996-03-07 1999-09-01 Fraunhofer-Gesellschaft Zur Förderung Der Angewandten Forschung E.V. Coding process for inserting an inaudible data signal into an audio signal, decoding process, coder and decoder
US5664018A (en) 1996-03-12 1997-09-02 Leighton; Frank Thomson Watermarking process resilient to collusion attacks
US5949885A (en) 1996-03-12 1999-09-07 Leighton; F. Thomson Method for protecting content using watermarking
AU2435297A (en) 1996-04-02 1997-11-07 Theodore G Handel Data embedding
US5828325A (en) 1996-04-03 1998-10-27 Aris Technologies, Inc. Apparatus and method for encoding and decoding information in analog signals
US5870030A (en) 1996-04-04 1999-02-09 Motorola, Inc. Advertiser pays information and messaging system and apparatus
US20030056103A1 (en) 2000-12-18 2003-03-20 Levy Kenneth L. Audio/video commerce application architectural framework
US6128597A (en) 1996-05-03 2000-10-03 Lsi Logic Corporation Audio decoder with a reconfigurable downmixing/windowing pipeline and method therefor
US6381341B1 (en) 1996-05-16 2002-04-30 Digimarc Corporation Watermark encoding method exploiting biases inherent in original signal
US5893067A (en) 1996-05-31 1999-04-06 Massachusetts Institute Of Technology Method and apparatus for echo data hiding in audio signals
US5778108A (en) 1996-06-07 1998-07-07 Electronic Data Systems Corporation Method and system for detecting transitional markers such as uniform fields in a video signal
US5889868A (en) 1996-07-02 1999-03-30 The Dice Company Optimization methods for the insertion, protection, and detection of digital watermarks in digitized data
US7177429B2 (en) 2000-12-07 2007-02-13 Blue Spike, Inc. System and methods for permitting open access to data objects and for securing data within the data objects
US6078664A (en) 1996-12-20 2000-06-20 Moskowitz; Scott A. Z-transform implementation of digital watermarks
JP3982836B2 (en) 1996-07-16 2007-09-26 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Method for detecting watermark information embedded in an information signal
US6282299B1 (en) 1996-08-30 2001-08-28 Regents Of The University Of Minnesota Method and apparatus for video watermarking using perceptual masks
US6031914A (en) 1996-08-30 2000-02-29 Regents Of The University Of Minnesota Method and apparatus for embedding data, including watermarks, in human perceptible images
US7366908B2 (en) 1996-08-30 2008-04-29 Digimarc Corporation Digital watermarking with content dependent keys and autocorrelation properties for synchronization
US6061793A (en) 1996-08-30 2000-05-09 Regents Of The University Of Minnesota Method and apparatus for embedding data, including watermarks, in human perceptible sounds
US5848155A (en) 1996-09-04 1998-12-08 Nec Research Institute, Inc. Spread spectrum watermark for embedded signalling
US5809139A (en) 1996-09-13 1998-09-15 Vivo Software, Inc. Watermarking method and apparatus for compressed digital video
JP3109575B2 (en) 1996-09-30 2000-11-20 日本電気株式会社 Image data processing device
US5986692A (en) 1996-10-03 1999-11-16 Logan; James D. Systems and methods for computer enhanced broadcast monitoring
US5825892A (en) 1996-10-28 1998-10-20 International Business Machines Corporation Protecting images with an image watermark
JP3716519B2 (en) 1996-11-15 2005-11-16 オムロン株式会社 Camera, external device and image processing device
JP3172475B2 (en) 1996-12-26 2001-06-04 日本アイ・ビー・エム株式会社 Data hiding method and data extraction method using statistical test
GB9700854D0 (en) 1997-01-16 1997-03-05 Scient Generics Ltd Sub-audible acoustic data transmission mechanism
JP2000509588A (en) 1997-01-27 2000-07-25 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Method and system for transferring content information and related supplementary information
CA2227381C (en) 1997-02-14 2001-05-29 Nec Corporation Image data encoding system and image inputting apparatus
US5940429A (en) 1997-02-25 1999-08-17 Solana Technology Development Corporation Cross-term compensation power adjustment of embedded auxiliary data in a primary data signal
US6189123B1 (en) 1997-03-26 2001-02-13 Telefonaktiebolaget Lm Ericsson Method and apparatus for communicating a block of digital information between a sending and a receiving station
US6044156A (en) 1997-04-28 2000-03-28 Eastman Kodak Company Method for generating an improved carrier for use in an image data embedding application
US6181364B1 (en) 1997-05-16 2001-01-30 United Video Properties, Inc. System for filtering content from videos
US6427012B1 (en) 1997-05-19 2002-07-30 Verance Corporation Apparatus and method for embedding and extracting information in analog signals using replica modulation
US5940135A (en) 1997-05-19 1999-08-17 Aris Technologies, Inc. Apparatus and method for encoding and decoding information in analog signals
EP1002388B1 (en) 1997-05-19 2006-08-09 Verance Corporation Apparatus and method for embedding and extracting information in analog signals using distributed signal features
IL128233A0 (en) 1997-05-29 1999-11-30 Koninkl Philips Electronics Nv Method and arrangement for detecting a watermark
US5960081A (en) 1997-06-05 1999-09-28 Cray Research, Inc. Embedding a digital signature in a video sequence
US6067440A (en) 1997-06-12 2000-05-23 Diefes; Gunther Cable services security system
JPH118753A (en) 1997-06-18 1999-01-12 Nec Corp Electronic watermark insertion device
US6222932B1 (en) 1997-06-27 2001-04-24 International Business Machines Corporation Automatic adjustment of image watermark strength based on computed image texture
JP2915904B2 (en) 1997-07-07 1999-07-05 松下電器産業株式会社 Data control method, data control information embedding method, data control information detection method, data control information embedding device, data control information detection device, and recording device
GB9715067D0 (en) 1997-07-16 1997-09-24 Forward Hygiene Services Limit Tamper resistant bait station for rats
US5940124A (en) 1997-07-18 1999-08-17 Tektronix, Inc. Attentional maps in objective measurement of video quality degradation
IL121642A0 (en) 1997-08-27 1998-02-08 Creator Ltd Interactive talking toy
KR100306457B1 (en) 1997-09-02 2001-10-19 가나이 쓰도무 Data transmission method for embedded data, data transmitting and reproducing apparatuses and information recording medium therefor
CN1160935C (en) 1997-09-02 2004-08-04 皇家菲利浦电子有限公司 Watermaking information signal
DE69828148T2 (en) 1997-09-02 2005-12-22 Koninklijke Philips Electronics N.V. METHOD AND APPARATUS FOR WATERMARK EVALUATION
US6253189B1 (en) 1997-09-15 2001-06-26 At&T Corp. System and method for completing advertising time slot transactions
JP4064506B2 (en) 1997-09-17 2008-03-19 パイオニア株式会社 Digital watermark superimposing method, detecting method and apparatus
PT1020077E (en) 1997-10-08 2002-12-31 Digimarc Corp PROCESS AND APPARATUS FOR A UNIQUE COPY WATER BRAND FOR A VIDEO GRAVACATION
US6388712B1 (en) 1997-10-09 2002-05-14 Kabushiki Kaisha Toshiba System for verifying broadcast of a commercial message
US6094228A (en) 1997-10-28 2000-07-25 Ciardullo; Daniel Andrew Method for transmitting data on viewable portion of a video signal
US5945932A (en) 1997-10-30 1999-08-31 Audiotrack Corporation Technique for embedding a code in an audio signal and for detecting the embedded code
US6173271B1 (en) 1997-11-26 2001-01-09 California Institute Of Technology Television advertising automated billing system
US6330672B1 (en) 1997-12-03 2001-12-11 At&T Corp. Method and apparatus for watermarking digital bitstreams
US6037984A (en) 1997-12-24 2000-03-14 Sarnoff Corporation Method and apparatus for embedding a watermark into a digital image or image sequence
IL137370A0 (en) 1998-01-20 2001-07-24 Digimarc Corp Multiple watermarking techniques
US6804376B2 (en) 1998-01-20 2004-10-12 Digimarc Corporation Equipment employing watermark-based authentication function
JP3673664B2 (en) 1998-01-30 2005-07-20 キヤノン株式会社 Data processing apparatus, data processing method, and storage medium
US6145081A (en) 1998-02-02 2000-11-07 Verance Corporation Method and apparatus for preventing removal of embedded information in cover signals
JP3502554B2 (en) 1998-02-04 2004-03-02 シャープ株式会社 Developing device
CN1153456C (en) 1998-03-04 2004-06-09 皇家菲利浦电子有限公司 Water-mark detection
US6373974B2 (en) 1998-03-16 2002-04-16 Sharp Laboratories Of America, Inc. Method for extracting multiresolution watermark images to determine rightful ownership
TW440819B (en) 1998-03-18 2001-06-16 Koninkl Philips Electronics Nv Copy protection schemes for copy protected digital material
US6661905B1 (en) 1998-03-23 2003-12-09 Koplar Interactive Systems International Llc Method for transmitting data on a viewable portion of a video signal
US6557103B1 (en) 1998-04-13 2003-04-29 The United States Of America As Represented By The Secretary Of The Army Spread spectrum image steganography
US6160986A (en) 1998-04-16 2000-12-12 Creator Ltd Interactive toy
US7756892B2 (en) 2000-05-02 2010-07-13 Digimarc Corporation Using embedded data with file sharing
US6314106B1 (en) 1998-04-20 2001-11-06 Alcatel Internetworking, Inc. Receive processing for dedicated bandwidth data communication switch backplane
US6888943B1 (en) 1998-04-21 2005-05-03 Verance Corporation Multimedia adaptive scrambling system (MASS)
JP3358532B2 (en) 1998-04-27 2002-12-24 日本電気株式会社 Receiving device using electronic watermark
US6487301B1 (en) 1998-04-30 2002-11-26 Mediasec Technologies Llc Digital authentication with digital and analog documents
JP3214555B2 (en) 1998-05-06 2001-10-02 日本電気株式会社 Digital watermark insertion device
US6792542B1 (en) 1998-05-12 2004-09-14 Verance Corporation Digital system for embedding a pseudo-randomly modulated auxiliary data sequence in digital samples
JP3201347B2 (en) 1998-05-15 2001-08-20 日本電気株式会社 Image attribute change device and digital watermark device
US6553127B1 (en) 1998-05-20 2003-04-22 Macrovision Corporation Method and apparatus for selective block processing
US6400826B1 (en) 1998-05-21 2002-06-04 Massachusetts Institute Of Technology System, method, and product for distortion-compensated information embedding using an ensemble of non-intersecting embedding generators
US6233347B1 (en) 1998-05-21 2001-05-15 Massachusetts Institute Of Technology System method, and product for information embedding using an ensemble of non-intersecting embedding generators
EP1080442A1 (en) 1998-05-28 2001-03-07 Solana Technology Development Corporation Pre-processed information embedding system
US7644282B2 (en) 1998-05-28 2010-01-05 Verance Corporation Pre-processed information embedding system
US6912315B1 (en) 1998-05-28 2005-06-28 Verance Corporation Pre-processed information embedding system
JP3156667B2 (en) 1998-06-01 2001-04-16 日本電気株式会社 Digital watermark insertion system, digital watermark characteristic table creation device
US6332194B1 (en) 1998-06-05 2001-12-18 Signafy, Inc. Method for data preparation and watermark insertion
US6285774B1 (en) 1998-06-08 2001-09-04 Digital Video Express, L.P. System and methodology for tracing to a source of unauthorized copying of prerecorded proprietary material, such as movies
US6523113B1 (en) 1998-06-09 2003-02-18 Apple Computer, Inc. Method and apparatus for copy protection
US6154571A (en) 1998-06-24 2000-11-28 Nec Research Institute, Inc. Robust digital watermarking
JP2000020600A (en) 1998-07-06 2000-01-21 Hitachi Ltd Method for providing digital contents, method for monitoring its illegal usage, its providing device and device for monitoring its illegal usage
US6490355B1 (en) 1998-07-14 2002-12-03 Koninklijke Philips Electronics N.V. Method and apparatus for use of a time-dependent watermark for the purpose of copy protection
US6530021B1 (en) 1998-07-20 2003-03-04 Koninklijke Philips Electronics N.V. Method and system for preventing unauthorized playback of broadcasted digital data streams
US6944313B1 (en) 1998-08-06 2005-09-13 Canon Kabushiki Kaisha Method and device for inserting and decoding a watermark in digital data
JP4083302B2 (en) 1998-08-12 2008-04-30 株式会社東芝 Video scrambling / descrambling device
US6226618B1 (en) 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US6253113B1 (en) 1998-08-20 2001-06-26 Honeywell International Inc Controllers that determine optimal tuning parameters for use in process control systems and methods of operating the same
JP3722995B2 (en) 1998-08-21 2005-11-30 株式会社メガチップス Watermark encoding method and decoding method
AU6131899A (en) 1998-08-31 2000-03-21 Digital Video Express, L.P. Watermarking system and methodology for digital multimedia content
US6704431B1 (en) 1998-09-04 2004-03-09 Nippon Telegraph And Telephone Corporation Method and apparatus for digital watermarking
US7043536B1 (en) 1998-09-11 2006-05-09 Lv Partners, L.P. Method for controlling a computer using an embedded unique code in the content of CD media
US7373513B2 (en) 1998-09-25 2008-05-13 Digimarc Corporation Transmarking of multimedia signals
US8332478B2 (en) 1998-10-01 2012-12-11 Digimarc Corporation Context sensitive connected content
KR100351485B1 (en) 1998-10-08 2002-09-05 마츠시타 덴끼 산교 가부시키가이샤 Data processor and data recorded medium
US6209094B1 (en) 1998-10-14 2001-03-27 Liquid Audio Inc. Robust watermark method and apparatus for digital signals
JP3881794B2 (en) 1998-10-27 2007-02-14 興和株式会社 Digital watermark embedding method and decoding method thereof
JP3733251B2 (en) 1998-11-13 2006-01-11 キヤノン株式会社 Information processing apparatus, control method therefor, and computer-readable recording medium
JP3596590B2 (en) 1998-11-18 2004-12-02 ソニー株式会社 Apparatus and method for appending accompanying information, apparatus and method for detecting accompanying information
JP2000163870A (en) 1998-11-20 2000-06-16 Sony Corp Voice information control device and method
JP4240614B2 (en) 1998-12-04 2009-03-18 キヤノン株式会社 Embedded device and computer-readable storage medium
GB2363300B (en) 1998-12-29 2003-10-01 Kent Ridge Digital Labs Digital audio watermarking using content-adaptive multiple echo hopping
US6678389B1 (en) 1998-12-29 2004-01-13 Kent Ridge Digital Labs Method and apparatus for embedding digital information in digital multimedia data
US7162642B2 (en) * 1999-01-06 2007-01-09 Digital Video Express, L.P. Digital content distribution system and method
US6442283B1 (en) 1999-01-11 2002-08-27 Digimarc Corporation Multimedia data embedding
JP3397157B2 (en) 1999-01-13 2003-04-14 日本電気株式会社 Digital watermark insertion system
US6591365B1 (en) 1999-01-21 2003-07-08 Time Warner Entertainment Co., Lp Copy protection control system
EP1022678B1 (en) 1999-01-25 2011-03-23 Nippon Telegraph And Telephone Corporation Method, apparatus and program storage medium for embedding and detecting a digital watermark
WO2000045604A1 (en) 1999-01-29 2000-08-03 Sony Corporation Signal processing method and video/voice processing device
US6449496B1 (en) 1999-02-08 2002-09-10 Qualcomm Incorporated Voice recognition user interface for telephone handsets
GB9905777D0 (en) 1999-03-12 1999-05-05 Univ London A method and apparatus for generating multiple watermarked copies of an information signal
US6556688B1 (en) 1999-03-15 2003-04-29 Seiko Epson Corporation Watermarking with random zero-mean patches for printer tracking
JP3607521B2 (en) 1999-03-24 2005-01-05 株式会社東芝 Digital watermark embedding device, digital watermark detection device, digital information distribution device, and storage medium
US7319759B1 (en) 1999-03-27 2008-01-15 Microsoft Corporation Producing a new black box for a digital rights management (DRM) system
US7334247B1 (en) 1999-03-29 2008-02-19 The Directv Group, Inc. Method and apparatus for watermarking received television content
US6823455B1 (en) * 1999-04-08 2004-11-23 Intel Corporation Method for robust watermarking of content
US6510234B1 (en) 1999-05-12 2003-01-21 Signafy, Inc. Method for increasing the functionality of a media player/recorder device
US6522769B1 (en) 1999-05-19 2003-02-18 Digimarc Corporation Reconfiguring a watermark detector
US6801999B1 (en) 1999-05-20 2004-10-05 Microsoft Corporation Passive and active software objects containing bore resistant watermarking
US6952774B1 (en) 1999-05-22 2005-10-04 Microsoft Corporation Audio watermarking with dual watermarks
US6871180B1 (en) 1999-05-25 2005-03-22 Arbitron Inc. Decoding of information in audio signals
US6757908B1 (en) 1999-05-28 2004-06-29 3Com Corporation Graphical representation of impairment or other conditions in a data-over-cable system
US6785815B1 (en) 1999-06-08 2004-08-31 Intertrust Technologies Corp. Methods and systems for encoding and protecting data using digital signature and watermarking techniques
GB2351405B (en) 1999-06-21 2003-09-24 Motorola Ltd Watermarked digital images
JP2001005783A (en) 1999-06-23 2001-01-12 Namco Ltd Personal identification system
JP2001022366A (en) 1999-07-12 2001-01-26 Roland Corp Method and device for embedding electronic watermark in waveform data
US7020285B1 (en) 1999-07-13 2006-03-28 Microsoft Corporation Stealthy audio watermarking
US7430670B1 (en) 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
DE19936049A1 (en) 1999-07-30 2001-02-01 Graf & Co Ag Circular comb clothing, for processing fibres, is divided into segments where the leading segment has a weaker combing action than the following segments to ensure a bond between fiber tufts and previously combed sliver fibers
US6577747B1 (en) 1999-08-05 2003-06-10 Koninklijke Philips Electronics N. V. Detection of auxiliary data in an information signal
DK1198959T3 (en) 1999-08-06 2003-06-02 Macrovision Corp A scaling independent technique for watermarking images
JP2001061052A (en) 1999-08-20 2001-03-06 Nec Corp Method for inserting electronic watermark data, its device and electronic watermark data detector
US7502759B2 (en) 1999-08-30 2009-03-10 Digimarc Corporation Digital watermarking methods and related toy and game applications
US6834344B1 (en) 1999-09-17 2004-12-21 International Business Machines Corporation Semi-fragile watermarks
KR100740792B1 (en) 1999-09-27 2007-07-20 코닌클리케 필립스 일렉트로닉스 엔.브이. Watermark detection method and watermark detection system
JP2001119555A (en) 1999-10-19 2001-04-27 Kowa Co Electronic watermark for time series processed linear data
US6571144B1 (en) 1999-10-20 2003-05-27 Intel Corporation System for providing a digital watermark in an audio signal
EP1098522A1 (en) 1999-11-05 2001-05-09 Sony United Kingdom Limited Method and apparatus for identifying a digital signal with a watermark
US6628729B1 (en) 1999-11-12 2003-09-30 Zenith Electronics Corporation Apparatus and method for downloading and storing data from a digital receiver
US6947893B1 (en) 1999-11-19 2005-09-20 Nippon Telegraph & Telephone Corporation Acoustic signal transmission with insertion signal for machine control
JP2001242786A (en) 1999-12-20 2001-09-07 Fuji Photo Film Co Ltd Device and method for distribution, and recording medium
WO2001047269A1 (en) 1999-12-21 2001-06-28 Robbins Thomas D Automatic reminder system using transmitted id codes
JP2001188549A (en) 1999-12-29 2001-07-10 Sony Corp Information process, information processing method and program storage medium
US6915481B1 (en) 2000-01-11 2005-07-05 Cognicity, Inc. Transactional watermarking
WO2001054035A1 (en) 2000-01-19 2001-07-26 California Institute Of Technology Internet based tracking of commercial airings
JP2001218006A (en) 2000-01-31 2001-08-10 Canon Inc Picture processor, picture processing method and storage medium
US6625297B1 (en) 2000-02-10 2003-09-23 Digimarc Corporation Self-orienting watermarks
US8355525B2 (en) 2000-02-14 2013-01-15 Digimarc Corporation Parallel processing of digital watermarking operations
US6737957B1 (en) 2000-02-16 2004-05-18 Verance Corporation Remote control signaling using audio watermarks
US7426750B2 (en) 2000-02-18 2008-09-16 Verimatrix, Inc. Network-based content distribution system
JP3789069B2 (en) 2000-02-29 2006-06-21 キヤノン株式会社 Digital watermark embedding apparatus and method, program and storage medium, and digital watermark extraction apparatus and method, program and storage medium
EP1134977A1 (en) 2000-03-06 2001-09-19 Irdeto Access B.V. Method and system for providing copies of scrambled content with unique watermarks, and system for descrambling scrambled content
US6654501B1 (en) 2000-03-06 2003-11-25 Intel Corporation Method of integrating a watermark into an image
JP3656728B2 (en) 2000-03-10 2005-06-08 株式会社日立製作所 Information embedding method and extraction method using digital watermark
WO2001069452A2 (en) 2000-03-14 2001-09-20 Blue Dolphin Group, Inc. Method of selecting content for a user
US7142691B2 (en) 2000-03-18 2006-11-28 Digimarc Corporation Watermark embedding functions in rendering description files
ATE359563T1 (en) 2000-03-20 2007-05-15 Ibm METHOD AND SYSTEM FOR REVERSIBLE MARKING OF A TEXT DOCUMENT WITH A SAMPLE OF ADDITIONAL SPACES FOR CERTIFICATION
US7046808B1 (en) 2000-03-24 2006-05-16 Verance Corporation Method and apparatus for detecting processing stages applied to a signal
US7673315B1 (en) 2000-03-30 2010-03-02 Microsoft Corporation System and method for providing program criteria representing audio and/or visual programming
US6707926B1 (en) 2000-03-31 2004-03-16 Intel Corporation Template for watermark decoder synchronization
WO2001075794A2 (en) 2000-04-05 2001-10-11 Sony United Kingdom Limited Identifying material
JP3690726B2 (en) 2000-04-13 2005-08-31 インターナショナル・ビジネス・マシーンズ・コーポレーション Data processing apparatus, image processing apparatus, and methods thereof
AU2001255445A1 (en) 2000-04-17 2001-10-30 Digimarc Corporation Authentication of physical and electronic media objects using digital watermarks
JP2001312570A (en) 2000-04-28 2001-11-09 Matsushita Electric Ind Co Ltd Copyright protection device, copyright protection system, copyright protection verification device, medium and information collectivity
US7167599B1 (en) 2000-05-03 2007-01-23 Thomson Licensing Method and device for controlling multimedia data watermark
JP2001326952A (en) 2000-05-15 2001-11-22 Nec Corp Broadcast confirmation system, method and device for broadcast confirmation, and recording medium with broadcast confirmation program recorded thereon
JP2002042413A (en) 2000-05-18 2002-02-08 Sony Corp Data recording medium, method and device for recording data, method and device for reproducing data, method and device for recording and reproducing data, method and device for transmitting data, method and device for receiving data, and contents data
JP2001339700A (en) 2000-05-26 2001-12-07 Nec Corp Digital watermark processor, its insertion method and its detection method
JP4649760B2 (en) * 2000-05-31 2011-03-16 ソニー株式会社 Content / copy management system and method, information processing apparatus and method, and storage medium
US20040021549A1 (en) 2000-06-10 2004-02-05 Jong-Uk Choi System and method of providing and autheticating works and authorship based on watermark technique
JP2002010057A (en) 2000-06-20 2002-01-11 Ricoh Co Ltd Color image forming device
US7617509B1 (en) 2000-06-23 2009-11-10 International Business Machines Corporation Method and system for automated monitoring of quality of service of digital video material distribution and play-out
JP2002027223A (en) 2000-07-05 2002-01-25 Konica Corp Data processing device and data controlling system
JP3973346B2 (en) 2000-07-06 2007-09-12 株式会社日立製作所 CONTENT DISTRIBUTION SYSTEM, CONTENT REPRODUCTION DEVICE, CONTENT DISTRIBUTION DEVICE, AND STORAGE MEDIUM
JP3809323B2 (en) 2000-07-06 2006-08-16 株式会社日立製作所 Method for embedding digital watermark information and method for analyzing possibility of embedding digital watermark information
JP4305593B2 (en) 2000-07-17 2009-07-29 ソニー株式会社 DATA RECORDING / REPRODUCING METHOD AND DEVICE, DATA RECORDING DEVICE AND METHOD
US6594373B1 (en) 2000-07-19 2003-07-15 Digimarc Corporation Multi-carrier watermarks using carrier signals modulated with auxiliary messages
US6721439B1 (en) 2000-08-18 2004-04-13 Hewlett-Packard Development Company, L.P. Method and system of watermarking digital data using scaled bin encoding and maximum likelihood decoding
US6430301B1 (en) 2000-08-30 2002-08-06 Verance Corporation Formation and analysis of signals with common and transaction watermarks
JP3691415B2 (en) 2000-09-01 2005-09-07 松下電器産業株式会社 REPRODUCTION DEVICE, REPRODUCTION DEVICE SPECIFICING DEVICE, AND METHOD THEREOF
JP3511502B2 (en) 2000-09-05 2004-03-29 インターナショナル・ビジネス・マシーンズ・コーポレーション Data processing detection system, additional information embedding device, additional information detection device, digital content, music content processing device, additional data embedding method, content processing detection method, storage medium, and program transmission device
US6760464B2 (en) 2000-10-11 2004-07-06 Digimarc Corporation Halftone watermarking and related applications
JP3700565B2 (en) 2000-09-11 2005-09-28 セイコーエプソン株式会社 Printing system and content data reproduction system
US7246239B2 (en) 2001-01-24 2007-07-17 Digimarc Corporation Digital watermarks for checking authenticity of printed objects
US6674876B1 (en) 2000-09-14 2004-01-06 Digimarc Corporation Watermarking in the time-frequency domain
AU2001292910B2 (en) 2000-09-22 2008-05-01 Sca Ipla Holdings, Inc. Systems and methods for preventing unauthorized use of digital content
US20040064416A1 (en) 2000-10-03 2004-04-01 Ariel Peled Secure distribution of digital content
US6829582B1 (en) 2000-10-10 2004-12-07 International Business Machines Corporation Controlled access to audio signals based on objectionable audio content detected via sound recognition
US6512837B1 (en) 2000-10-11 2003-01-28 Digimarc Corporation Watermarks carrying content dependent signal metrics for detecting and characterizing signal alteration
JP3807220B2 (en) 2000-10-18 2006-08-09 日本電気株式会社 Digital watermark detection apparatus and digital watermark detection method
JP4346809B2 (en) 2000-10-19 2009-10-21 エヌ・ティ・ティ・ソフトウェア株式会社 Digital watermark information detection method
US6748360B2 (en) 2000-11-03 2004-06-08 International Business Machines Corporation System for selling a product utilizing audio content identification
US7085613B2 (en) 2000-11-03 2006-08-01 International Business Machines Corporation System for monitoring audio content in a video broadcast
AU2001296667A1 (en) 2000-11-09 2002-05-21 Macrovision Corporation Method and apparatus for determining digital a/v content distribution terms based on detected piracy levels
US7043049B2 (en) 2000-11-30 2006-05-09 Intel Corporation Apparatus and method for monitoring streamed multimedia quality using digital watermark
US6925342B2 (en) 2000-12-05 2005-08-02 Koninklijke Philips Electronics N.V. System and method for protecting digital media
JP4320951B2 (en) 2000-12-06 2009-08-26 ソニー株式会社 Recording apparatus and recording / reproducing apparatus
EP1215907A3 (en) 2000-12-07 2006-04-26 Sony United Kingdom Limited Watermarking material and transferring watermarked material
US20020080976A1 (en) 2000-12-14 2002-06-27 Schreer Scott P. System and method for accessing authorized recordings
US6483927B2 (en) 2000-12-18 2002-11-19 Digimarc Corporation Synchronizing readers of hidden auxiliary data in quantization-based data hiding schemes
US8055899B2 (en) 2000-12-18 2011-11-08 Digimarc Corporation Systems and methods using digital watermarking and identifier extraction to provide promotional opportunities
AU2002232817A1 (en) 2000-12-21 2002-07-01 Digimarc Corporation Methods, apparatus and programs for generating and utilizing content signatures
US6965683B2 (en) 2000-12-21 2005-11-15 Digimarc Corporation Routing networks for use with watermark systems
US6856693B2 (en) 2000-12-22 2005-02-15 Nec Laboratories America, Inc. Watermarking with cone-forest detection regions
US6912294B2 (en) 2000-12-29 2005-06-28 Contentguard Holdings, Inc. Multi-stage watermarking process and system
FR2819672B1 (en) 2001-01-18 2003-04-04 Canon Kk METHOD AND DEVICE FOR TRANSMITTING AND RECEIVING DIGITAL IMAGES USING AN IMAGE MARKER FOR DECODING
US7058815B2 (en) 2001-01-22 2006-06-06 Cisco Technology, Inc. Method and system for digitally signing MPEG streams
JP2002232693A (en) 2001-02-02 2002-08-16 Ntt Electornics Corp Method and system for managing digital watermark, digital watermark embedding processor, digital watermark detection processor, recording medium with digital watermark management program recorded, recording medium with contents including electronic watermark recorded, electronic data delivery management device, and characteristic adjustment device for electronic data transmission
ATE505905T1 (en) 2001-02-09 2011-04-15 Canon Kk INFORMATION PROCESSING DEVICE AND ITS CONTROL METHODS, COMPUTER PROGRAM, AND STORAGE MEDIUM
US6891958B2 (en) 2001-02-27 2005-05-10 Microsoft Corporation Asymmetric spread-spectrum watermarking systems and methods of use
US6664976B2 (en) 2001-04-18 2003-12-16 Digimarc Corporation Image management system and methods using digital watermarks
US6931536B2 (en) 2001-03-06 2005-08-16 Macrovision Corporation Enhanced copy protection of proprietary material employing multiple watermarks
TW582022B (en) 2001-03-14 2004-04-01 Ibm A method and system for the automatic detection of similar or identical segments in audio recordings
US7987510B2 (en) 2001-03-28 2011-07-26 Rovi Solutions Corporation Self-protecting digital content
US7111169B2 (en) * 2001-03-29 2006-09-19 Intel Corporation Method and apparatus for content protection across a source-to-destination interface
US6785401B2 (en) 2001-04-09 2004-08-31 Tektronix, Inc. Temporal synchronization of video watermark decoding
US7047413B2 (en) 2001-04-23 2006-05-16 Microsoft Corporation Collusion-resistant watermarking and fingerprinting
US7024018B2 (en) 2001-05-11 2006-04-04 Verance Corporation Watermark position modulation
JP2003091927A (en) 2001-05-14 2003-03-28 Sony Corp Recording medium, playback apparatus and method for recording medium, recording apparatus and method of recording medium and data output method
US20030056213A1 (en) 2001-05-16 2003-03-20 Mcfaddin James E. Method and system for delivering a composite information stream over a computer network
US6996717B2 (en) 2001-05-24 2006-02-07 Matsushita Electric Industrial Co., Ltd. Semi-fragile watermarking system for MPEG video authentication
US7113613B2 (en) 2001-06-08 2006-09-26 Hitachi, Ltd. Watermark information detection method
US7581103B2 (en) 2001-06-13 2009-08-25 Intertrust Technologies Corporation Software self-checking systems and methods
DE10129239C1 (en) 2001-06-18 2002-10-31 Fraunhofer Ges Forschung Audio signal water-marking method processes water-mark signal before embedding in audio signal so that it is not audibly perceived
JP2003008873A (en) 2001-06-21 2003-01-10 Nippon Telegr & Teleph Corp <Ntt> Method and device for electronic key management
US20030016825A1 (en) 2001-07-10 2003-01-23 Eastman Kodak Company System and method for secure watermarking of a digital image sequence
US7877438B2 (en) 2001-07-20 2011-01-25 Audible Magic Corporation Method and apparatus for identifying new media content
JP2003039770A (en) 2001-07-27 2003-02-13 Canon Inc Image processor and its controlling method
US7298865B2 (en) 2001-07-30 2007-11-20 Sarnoff Corporation Secure robust high-fidelity watermarking
JP4398242B2 (en) 2001-07-31 2010-01-13 グレースノート インコーポレイテッド Multi-stage identification method for recording
US20030031317A1 (en) 2001-08-13 2003-02-13 Michael Epstein Increasing the size of a data-set and watermarking
US20030053655A1 (en) 2001-08-16 2003-03-20 Barone Samuel T. Digital data monitoring and logging in an ITV system
US7068809B2 (en) 2001-08-27 2006-06-27 Digimarc Corporation Segmentation in digital watermarking
GB2379349B (en) 2001-08-31 2006-02-08 Sony Uk Ltd Embedding data in material
US6592516B2 (en) 2001-10-09 2003-07-15 Ching-Chuan Lee Interactive control system of a sexual delight appliance
US7006656B2 (en) 2001-10-15 2006-02-28 The Research Foundation Of Suny Lossless embedding of data in digital objects
WO2003034313A2 (en) 2001-10-18 2003-04-24 Macrovision Corporation Systems and methods for providing digital rights management compatibility
JP3902536B2 (en) 2001-11-28 2007-04-11 日本ビクター株式会社 Variable length data encoding method and variable length data encoding apparatus
JP2003168262A (en) 2001-11-29 2003-06-13 Toshiba Corp Apparatus and method for recording contents containing watermark
US7515730B2 (en) 2001-12-13 2009-04-07 Digimarc Corporation Progressive image quality control using watermarking
US7392392B2 (en) 2001-12-13 2008-06-24 Digimarc Corporation Forensic digital watermarking with variable orientation and protocols
US7392394B2 (en) 2001-12-13 2008-06-24 Digimarc Corporation Digital watermarking with variable orientation and protocols
GB2383220B (en) 2001-12-13 2005-11-30 Sony Uk Ltd Data processing apparatus and method
US8059815B2 (en) 2001-12-13 2011-11-15 Digimarc Corporation Transforming data files into logical storage units for auxiliary data through reversible watermarks
US20030115504A1 (en) 2001-12-19 2003-06-19 Holliman Matthew J. Measurement of data degradation using watermarks
US6944771B2 (en) 2001-12-20 2005-09-13 Koninklijke Philips Electronics N.V. Method and apparatus for overcoming a watermark security system
CN100534181C (en) 2001-12-21 2009-08-26 皇家飞利浦电子股份有限公司 Increasing integrity of watermarks using robust features
US20030131350A1 (en) 2002-01-08 2003-07-10 Peiffer John C. Method and apparatus for identifying a digital audio signal
US6996249B2 (en) 2002-01-11 2006-02-07 Nec Laboratories America, Inc. Applying informed coding, informed embedding and perceptual shaping to design a robust, high-capacity watermark
WO2003062960A2 (en) 2002-01-22 2003-07-31 Digimarc Corporation Digital watermarking and fingerprinting including symchronization, layering, version control, and compressed embedding
US7231061B2 (en) 2002-01-22 2007-06-12 Digimarc Corporation Adaptive prediction filtering for digital watermarking
US7840005B2 (en) 2002-01-22 2010-11-23 Digimarc Corporation Synchronization of media signals
US7328345B2 (en) 2002-01-29 2008-02-05 Widevine Technologies, Inc. Method and system for end to end securing of content for video on demand
JP4107851B2 (en) 2002-02-13 2008-06-25 三洋電機株式会社 Digital watermark embedding method and encoding device and decoding device capable of using the method
US7054461B2 (en) 2002-02-15 2006-05-30 Pitney Bowes Inc. Authenticating printed objects using digital watermarks associated with multidimensional quality metrics
JP2002354232A (en) 2002-03-20 2002-12-06 Canon Inc Information processing system, information processor, information processing method, and storage medium storing program to be read by computer for implementing such system, processor and method
GB2386782B (en) 2002-03-22 2005-09-21 Sony Uk Ltd Material storage
JP4186531B2 (en) 2002-03-25 2008-11-26 富士ゼロックス株式会社 Data embedding method, data extracting method, data embedding extracting method, and system
US7533027B2 (en) 2002-04-02 2009-05-12 Warner Bros. Entertainment Inc. Methods and apparatus for uniquely identifying a large number of film prints
US6912010B2 (en) 2002-04-15 2005-06-28 Tektronix, Inc. Automated lip sync error correction
US7389421B2 (en) 2002-04-18 2008-06-17 Microsoft Corporation Countermeasure against estimation-based attacks of spread-spectrum watermarks
MXPA04010349A (en) 2002-04-22 2005-06-08 Nielsen Media Res Inc Methods and apparatus to collect audience information associated with a media presentation.
JP2003316556A (en) 2002-04-24 2003-11-07 Canon Inc Transaction system, terminal equipment, terminal, transaction method, transaction program and computer- readable recording medium with transaction program recorded thereon
WO2003093961A2 (en) 2002-05-02 2003-11-13 Shieldip, Inc. Method and apparatus for protecting information and privacy
AU2003264750A1 (en) 2002-05-03 2003-11-17 Harman International Industries, Incorporated Multi-channel downmixing device
CN100353767C (en) 2002-05-10 2007-12-05 皇家飞利浦电子股份有限公司 Watermark embedding and retrieval
JP3780510B2 (en) 2002-05-28 2006-05-31 日本電信電話株式会社 Multiple digital watermark processing method, multiple digital watermark processing apparatus, multiple digital watermark processing program, and storage medium storing the processing program
US7519819B2 (en) 2002-05-29 2009-04-14 Digimarc Corporatino Layered security in digital watermarking
US6954541B2 (en) 2002-05-29 2005-10-11 Xerox Corporation Method of detecting changes occurring in image editing using watermarks
US7039931B2 (en) 2002-05-30 2006-05-02 Nielsen Media Research, Inc. Multi-market broadcast tracking, management and reporting method and system
CN100458949C (en) 2002-06-03 2009-02-04 皇家飞利浦电子股份有限公司 Re-embedding of watermarks in multimedia signals
KR100888589B1 (en) 2002-06-18 2009-03-16 삼성전자주식회사 Method and apparatus for extracting watermark from repeatedly watermarked original information
US8601504B2 (en) 2002-06-20 2013-12-03 Verance Corporation Secure tracking system and method for video program content
US7818763B2 (en) 2002-06-25 2010-10-19 Starz Entertainment, Llc Video advertising
US7188248B2 (en) 2002-07-09 2007-03-06 Kaleidescope, Inc. Recovering from de-synchronization attacks against watermarking and fingerprinting
US7003131B2 (en) 2002-07-09 2006-02-21 Kaleidescape, Inc. Watermarking and fingerprinting digital content using alternative blocks to embed information
US20040091111A1 (en) 2002-07-16 2004-05-13 Levy Kenneth L. Digital watermarking and fingerprinting applications
JP3754403B2 (en) 2002-07-26 2006-03-15 株式会社東芝 Digital watermark detection method and apparatus
JP2004064582A (en) * 2002-07-31 2004-02-26 Hitachi Ltd Broadcast content copyright protection system
US8176508B2 (en) 2002-08-02 2012-05-08 Time Warner Cable Method and apparatus to provide verification of data using a fingerprint
JP2004070606A (en) 2002-08-05 2004-03-04 Kanazawa Inst Of Technology Contents management method and device
JP3749884B2 (en) 2002-08-28 2006-03-01 株式会社東芝 Digital watermark embedding device, digital watermark analysis device, digital watermark embedding method, digital watermark analysis method, and program
US7133534B2 (en) 2002-09-03 2006-11-07 Koninklijke Philips Electronics N.V. Copy protection via redundant watermark encoding
TWI290286B (en) 2002-09-05 2007-11-21 Matsushita Electric Ind Co Ltd Group formation/management system, group management device, member device, registration device, authentication method used in a group management device, and recording medium storing a computer program used in a group management device
JP4266677B2 (en) 2002-09-20 2009-05-20 三洋電機株式会社 Digital watermark embedding method and encoding device and decoding device capable of using the method
EP2442566A3 (en) 2002-10-15 2012-08-08 Verance Corporation Media Monitoring, Management and Information System
US20040088556A1 (en) 2002-10-31 2004-05-06 Weirauch Charles R. Using digital watermarking for protection of digital data
JP3960959B2 (en) 2002-11-08 2007-08-15 三洋電機株式会社 Digital watermark embedding apparatus and method, and digital watermark extraction apparatus and method
KR100448888B1 (en) 2002-11-28 2004-09-18 한국전자통신연구원 Broadcasting server system for protection and management of digital broadcasting contents, processing method in its
JP2004193843A (en) 2002-12-10 2004-07-08 Nippon Hoso Kyokai <Nhk> Device, method, and program for content delivery and device, method, and program for reproducing content
JP2004194233A (en) 2002-12-13 2004-07-08 Mitsubishi Electric Corp Contents management apparatus and contents distribution apparatus
RU2324301C2 (en) 2003-02-10 2008-05-10 Конинклейке Филипс Электроникс Н.В. Import control of content
AU2003206940A1 (en) 2003-02-21 2004-09-09 Telefonaktiebolaget Lm Ericsson (Publ) Method for embedding and detecting a watermark in a digital audio signal
JP4823890B2 (en) 2003-03-06 2011-11-24 ディジマーク コーポレイション Document authentication method
CN1447269A (en) * 2003-04-10 2003-10-08 深圳市深信服电子科技有限公司 Certificate authentication system and method based on hardware characteristics
US20040202324A1 (en) 2003-04-11 2004-10-14 Matsushita Electric Industrial Co., Ltd Program electronic watermark processing apparatus
US20040216157A1 (en) 2003-04-25 2004-10-28 Richard Shain System and method for advertising purchase verification
KR100624751B1 (en) 2003-04-25 2006-09-19 (주)마크텍 A method for embedding watermark into an image and digital video recoreder using said method
JP4200106B2 (en) 2003-07-15 2008-12-24 株式会社リコー Image processing apparatus, image processing method, computer program, and storage medium for storing computer program
US7206649B2 (en) 2003-07-15 2007-04-17 Microsoft Corporation Audio watermarking with dual watermarks
US7254250B2 (en) 2003-07-31 2007-08-07 Hewlett-Packard Development Company, L.P. Watermark embedding and extraction method and apparatus in compressed streams
EP1658586A1 (en) 2003-08-19 2006-05-24 Koninklijke Philips Electronics N.V. Detecting a watermark using a subset of available detection methods
JP4269861B2 (en) 2003-09-12 2009-05-27 沖電気工業株式会社 Printed material processing system, watermarked document printing device, watermarked document reading device, printed material processing method, information reading device, and information reading method
US20050071663A1 (en) 2003-09-26 2005-03-31 General Instrument Corporation Separation of copy protection rules for digital rights management
US7706565B2 (en) 2003-09-30 2010-04-27 Digimarc Corporation Multi-channel digital watermarking
US20070039018A1 (en) 2005-08-09 2007-02-15 Verance Corporation Apparatus, systems and methods for broadcast advertising stewardship
US7369677B2 (en) 2005-04-26 2008-05-06 Verance Corporation System reactions to the detection of embedded watermarks in a digital host content
US7616776B2 (en) 2005-04-26 2009-11-10 Verance Corproation Methods and apparatus for enhancing the robustness of watermark extraction from digital host content
US9055239B2 (en) 2003-10-08 2015-06-09 Verance Corporation Signal continuity assessment using embedded watermarks
US20060239501A1 (en) 2005-04-26 2006-10-26 Verance Corporation Security enhancements of digital watermarks for multi-media content
WO2005038778A1 (en) 2003-10-17 2005-04-28 Koninklijke Philips Electronics N.V. Signal encoding
KR100907121B1 (en) 2003-12-05 2009-07-09 모션 픽쳐 어쏘시에이션 오브 아메리카 System and method for controlling display of copy-never content
US20050154891A1 (en) 2004-01-08 2005-07-14 Eastman Kodak Company Metadata-based, anti-fraudulant identification card method and production system
US8023882B2 (en) 2004-01-14 2011-09-20 The Nielsen Company (Us), Llc. Portable audience measurement architectures and methods for portable audience measurement
CN1910612A (en) 2004-01-15 2007-02-07 皇家飞利浦电子股份有限公司 Method of allocating payload bits of a watermark
EP1709760A1 (en) 2004-01-16 2006-10-11 Koninklijke Philips Electronics N.V. Method of allocating optimal payload space
US20070214049A1 (en) 2004-03-01 2007-09-13 Richard Postrel Broadcast television reward program and method of use for issuing, aggregating and redeeming sponsor's reward points
CN102169693B (en) 2004-03-01 2014-07-23 杜比实验室特许公司 Multichannel audio coding
AU2005220863B2 (en) 2004-03-09 2010-03-04 Google Llc Dynamic data delivery apparatus and method for same
US7711140B2 (en) 2004-04-21 2010-05-04 Canon Kabushiki Kaisha Secure recorded documents
US7693297B2 (en) 2004-08-05 2010-04-06 Xiao-Ping Zhang Watermark embedding and detecting methods, systems, devices and components
JP4155956B2 (en) 2004-09-16 2008-09-24 三洋電機株式会社 Digital watermark embedding apparatus and method, and digital watermark extraction apparatus and method
WO2006051043A1 (en) 2004-11-10 2006-05-18 Thomson Licensing Method for securely binding content protection information to a content and method for verifying this binding
JP4034776B2 (en) 2004-11-12 2008-01-16 株式会社東芝 Digital watermark detection apparatus, digital watermark detection method, and program
PT1684265E (en) 2005-01-21 2008-10-27 Unltd Media Gmbh Method of embedding a digital watermark in a useful signal
US20060227968A1 (en) 2005-04-08 2006-10-12 Chen Oscal T Speech watermark system
US7983922B2 (en) 2005-04-15 2011-07-19 Fraunhofer-Gesellschaft Zur Foerderung Der Angewandten Forschung E.V. Apparatus and method for generating multi-channel synthesizer control signal and apparatus and method for multi-channel synthesizing
CA2605641A1 (en) 2005-04-26 2006-11-02 Verance Corporation Security enhancements of digital watermarks for multi-media content
CN100461864C (en) 2005-06-25 2009-02-11 华为技术有限公司 Multimedia video communication objective quality appraising method based on digital watermark
US8020004B2 (en) 2005-07-01 2011-09-13 Verance Corporation Forensic marking using a common customization function
US8781967B2 (en) 2005-07-07 2014-07-15 Verance Corporation Watermarking in an encrypted domain
JP4935015B2 (en) 2005-07-29 2012-05-23 ソニー株式会社 Content distribution system, content distribution method, content transmission terminal, and content reception terminal
US7630497B2 (en) 2005-09-19 2009-12-08 International Business Machines Corporation System and method for assigning sequence keys to a media player to enable hybrid traitor tracing
CN101288098A (en) * 2005-10-13 2008-10-15 皇家飞利浦电子股份有限公司 Remote informed watermark detection system
GB2431837A (en) 2005-10-28 2007-05-02 Sony Uk Ltd Audio processing
CN101313331A (en) 2005-11-24 2008-11-26 皇家飞利浦电子股份有限公司 Multibit forensic watermark with encrypted detection key
WO2007076459A2 (en) 2005-12-21 2007-07-05 Digimarc Corporation Rules driven pan id metadata routing system and network
US7788181B2 (en) 2005-12-27 2010-08-31 Microsoft Corporation Software licensing using certificate issued by authorized authority
CN100581239C (en) * 2006-01-11 2010-01-13 索尼株式会社 Content transmission system, device and method
US7536373B2 (en) 2006-02-14 2009-05-19 International Business Machines Corporation Resource allocation using relational fuzzy modeling
EP1999999B1 (en) 2006-03-24 2011-11-02 Dolby Sweden AB Generation of spatial downmixes from parametric representations of multi channel signals
KR20090020632A (en) 2006-06-19 2009-02-26 파나소닉 주식회사 Information burying device and detecting device
JP5049288B2 (en) * 2006-11-09 2012-10-17 パナソニック株式会社 Tamper detection system, tamper detection method, tamper detection program, recording medium, integrated circuit, authentication information generation device, and tamper detection device
GB2445765A (en) 2006-12-14 2008-07-23 Media Instr Sa Movable audience measurement system
US9179200B2 (en) 2007-03-14 2015-11-03 Digimarc Corporation Method and system for determining content treatment
EP2135376A4 (en) 2007-03-22 2012-12-19 Nielsen Co Us Llc Digital rights management and audience measurement systems and methods
US9349153B2 (en) 2007-04-25 2016-05-24 Digimarc Corporation Correcting image capture distortion
KR101383307B1 (en) 2007-06-14 2014-04-09 톰슨 라이센싱 Method and apparatus for setting a detection threshold given a desired false probability
US20090033617A1 (en) 2007-08-02 2009-02-05 Nokia Corporation Haptic User Interface
US8176112B2 (en) * 2007-10-12 2012-05-08 At&T Intellectual Property I, L.P. Systems, methods, and products for multimedia applications gateways
JP2009158055A (en) 2007-12-27 2009-07-16 Toshiba Corp Audio data processing system and audio data processing method
JP2009163496A (en) * 2008-01-07 2009-07-23 Funai Electric Co Ltd Content reproduction system
KR101442836B1 (en) 2008-01-07 2014-11-04 삼성전자주식회사 Method for providing additional information of video using visible communication and apparatus for the same
US8527651B2 (en) 2008-06-19 2013-09-03 Huawei Technologies Co., Ltd. Content identification method and system, and SCIDM client and server
US8259938B2 (en) 2008-06-24 2012-09-04 Verance Corporation Efficient and secure forensic marking in compressed
US8346532B2 (en) 2008-07-11 2013-01-01 International Business Machines Corporation Managing the creation, detection, and maintenance of sensitive information
KR100985190B1 (en) 2008-07-18 2010-10-05 주식회사 마크애니 Method and System for Providing Information Using Watermark
EP2166725A1 (en) 2008-08-28 2010-03-24 Alcatel, Lucent Control of delivery of digital content, and an apparatus therefor
EP2175443A1 (en) 2008-10-10 2010-04-14 Thomson Licensing Method and apparatus for for regaining watermark data that were embedded in an original signal by modifying sections of said original signal in relation to at least two different reference data sequences
US8423761B2 (en) 2008-10-31 2013-04-16 Motorola Solutions, Inc. Method and device for enabling a trust relationship using an expired public key infrastructure (PKI) certificate
WO2010073236A1 (en) 2008-12-22 2010-07-01 France Telecom A method of and apparatus for authenticating data content
US8529264B2 (en) 2008-12-23 2013-09-10 Benjamin J. Hamlin Method facilitating language learning
US9003512B2 (en) 2009-01-16 2015-04-07 Cox Communications, Inc. Content protection management system
KR20100095245A (en) 2009-02-20 2010-08-30 삼성전자주식회사 Method and apparatus for embedding watermark
JP5742057B2 (en) 2009-03-03 2015-07-01 ディジマーク コーポレイション Narrow casting from public displays and related arrangements
KR20100009384U (en) 2009-03-17 2010-09-29 주식회사 리수산업 Connecting clamp of h beam with rail type guide tool
JP2010272920A (en) 2009-05-19 2010-12-02 Mitsubishi Electric Corp Electronic watermark embedding apparatus, electronic watermark embedding method, and electronic watermark embedding program
US8489774B2 (en) 2009-05-27 2013-07-16 Spot411 Technologies, Inc. Synchronized delivery of interactive content
US8718805B2 (en) 2009-05-27 2014-05-06 Spot411 Technologies, Inc. Audio-based synchronization to media
JP5266396B2 (en) 2009-10-30 2013-08-21 パナソニック株式会社 AV data receiving apparatus, AV data receiving method, and AV data transmitting / receiving system
US8954434B2 (en) 2010-01-08 2015-02-10 Microsoft Corporation Enhancing a document with supplemental information from another document
US9342661B2 (en) 2010-03-02 2016-05-17 Time Warner Cable Enterprises Llc Apparatus and methods for rights-managed content and data delivery
US8645699B2 (en) 2010-03-15 2014-02-04 Blackberry Limited Use of certificate authority to control a device's access to services
US8452106B2 (en) 2010-03-23 2013-05-28 Microsoft Corporation Partition min-hash for partial-duplicate image determination
EP2387033A1 (en) 2010-05-11 2011-11-16 Thomson Licensing Method and apparatus for detecting which one of symbols of watermark data is embedded in a received signal
US9009339B2 (en) 2010-06-29 2015-04-14 Echostar Technologies L.L.C. Apparatus, systems and methods for accessing and synchronizing presentation of media content and supplemental media rich content
US9607131B2 (en) 2010-09-16 2017-03-28 Verance Corporation Secure and efficient content screening in a networked environment
US9767823B2 (en) 2011-02-07 2017-09-19 Qualcomm Incorporated Devices for encoding and detecting a watermarked signal
US8189861B1 (en) 2011-04-05 2012-05-29 Google Inc. Watermarking digital documents
US9380356B2 (en) 2011-04-12 2016-06-28 The Nielsen Company (Us), Llc Methods and apparatus to generate a tag for media content
US20130031579A1 (en) 2011-07-28 2013-01-31 United Video Properties, Inc. Systems and methods for selectively modifying the display of advertisements and providing supplementary media content
US8923548B2 (en) 2011-11-03 2014-12-30 Verance Corporation Extraction of embedded watermarks from a host content using a plurality of tentative watermarks
US8533481B2 (en) 2011-11-03 2013-09-10 Verance Corporation Extraction of embedded watermarks from a host content based on extrapolation techniques
US8615104B2 (en) 2011-11-03 2013-12-24 Verance Corporation Watermark extraction based on tentative watermarks
US8682026B2 (en) 2011-11-03 2014-03-25 Verance Corporation Efficient extraction of embedded watermarks in the presence of host content distortions
WO2013067439A1 (en) 2011-11-03 2013-05-10 Verance Corporation Watermark extraction based on tentative watermarks
US9281013B2 (en) 2011-11-22 2016-03-08 Cyberlink Corp. Systems and methods for transmission of media content
US8745403B2 (en) 2011-11-23 2014-06-03 Verance Corporation Enhanced content management based on watermark extraction records
US9323902B2 (en) 2011-12-13 2016-04-26 Verance Corporation Conditional access using embedded watermarks
US20130151855A1 (en) 2011-12-13 2013-06-13 Verance Corporation Watermark embedding workflow improvements
US9547753B2 (en) 2011-12-13 2017-01-17 Verance Corporation Coordinated watermarking

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6550011B1 (en) * 1998-08-05 2003-04-15 Hewlett Packard Development Company, L.P. Media content protection utilizing public key cryptography
US6697944B1 (en) * 1999-10-01 2004-02-24 Microsoft Corporation Digital content distribution, transmission and protection system and method, and portable device for use therewith
US20030076955A1 (en) * 2001-10-18 2003-04-24 Jukka Alve System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
US20070005500A1 (en) * 2005-06-20 2007-01-04 Microsoft Corporation Secure online transactions using a captcha image as a watermark

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9099080B2 (en) 2013-02-06 2015-08-04 Muzak Llc System for targeting location-based communications
US9317872B2 (en) 2013-02-06 2016-04-19 Muzak Llc Encoding and decoding an audio watermark using key sequences comprising of more than two frequency components
US9424594B2 (en) 2013-02-06 2016-08-23 Muzak Llc System for targeting location-based communications
US9858596B2 (en) 2013-02-06 2018-01-02 Muzak Llc System for targeting location-based communications

Also Published As

Publication number Publication date
EP2616984A2 (en) 2013-07-24
WO2012037420A3 (en) 2012-05-31
WO2012037422A2 (en) 2012-03-22
EP2616986A2 (en) 2013-07-24
KR101531450B1 (en) 2015-06-24
US8838977B2 (en) 2014-09-16
KR20130056342A (en) 2013-05-29
US20120072731A1 (en) 2012-03-22
CN103189872A (en) 2013-07-03
EP2616986A4 (en) 2015-07-01
CN103189873A (en) 2013-07-03
US8838978B2 (en) 2014-09-16
US20120072730A1 (en) 2012-03-22
KR101594230B1 (en) 2016-02-26
KR20130056343A (en) 2013-05-29
CN103189872B (en) 2016-05-18
WO2012037422A3 (en) 2012-06-14
US20120072729A1 (en) 2012-03-22
EP2616984A4 (en) 2015-06-24
US9607131B2 (en) 2017-03-28

Similar Documents

Publication Publication Date Title
US9607131B2 (en) Secure and efficient content screening in a networked environment
US10769252B2 (en) Method and apparatus for watermarking of digital content, method for extracting information
RU2375748C2 (en) Presentation of protected digital content in computer network or similar
US9313248B2 (en) Method and apparatus for delivering encoded content
CN111327620B (en) Data security traceability and access control system under cloud computing framework
US8091137B2 (en) Transferring a data object between devices
US8165304B2 (en) Domain digital rights management system, license sharing method for domain digital rights management system, and license server
US20060149683A1 (en) User terminal for receiving license
US20090193262A1 (en) Security threshold enforcement in anchor point-based digital rights management
US20140223580A1 (en) Method of and apparatus for processing software using hash function to secure software, and computer-readable medium storing executable instructions for performing the method
US7634816B2 (en) Revocation information management
KR20070104628A (en) Private and controlled ownership sharing
US20070016784A1 (en) Method of storing revocation list
KR20140000352A (en) Device and method for a backup of rights objects
US8538890B2 (en) Encrypting a unique cryptographic entity
WO2008148114A1 (en) Trusted storage
CN1645797A (en) Method for optimizing safety data transmission in digital copyright managing system
Peinado Digital rights management in a multimedia environment
US8495749B2 (en) Method, apparatus and computer program product for a content protection system for protecting personal content
JP2007158984A (en) Electronic document authenticity assurance method, and electronic document disclosure system
Petrovic et al. Watermark screening in networked environment
CN116488855A (en) Lightweight weight determining system and method based on chained memory structure encryption technology
Peinado Digital Rights Management and Windows Media Player
Diehl et al. Protection in Unicast/Multicast

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11825990

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 2011825990

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20137009718

Country of ref document: KR

Kind code of ref document: A